|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
PHP-Auction SQL injection
l2odon
yahoo.com
Date: Tue Jul 25 2006 - 16:43:40 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
#----------------------------------------------------------
#Aria-Security.net Advisory
#Discovered by: l2odon
#< www.Aria-security.net>
#Gr33t to: A.u.r.a & O.U.T.L.A.W & R1D3N DrtRp & Cl0wn
#-----------------------------------------------------------
#Software: PHP-Auction
#Vendor: http://www.vhcs.net
#Attack method: SQL Injection
#Original advisory:http://www.aria-security.net/advisory/phpauction.txt
#
#
#
#Proof of Concept:
#
#http://www.site.com/phpbb/auction_room.php?ar=[num][sql]
#http://www.site.com/phpbb/auction_rating.php?mode=view&u=[num][sql]
#http://www.site.com/phpbb/auction_store.php?mode=store&u=[num][sql]
#http://www.site.com/phpbb/auction_room.php?order=price_asc&ar=[num][sql]
#
#----------------------------------------------------------
#
#Solution
#contact me: AdvisoryAria-Security.net
#
#----------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]