Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13040
HistoryJun 09, 2006 - 12:00 a.m.

Mafia Moblog Full Path Disclosure / SQL injection

2006-06-0900:00:00
vulners.com
7
JSON

Produce : Mafia Moblog
WebSite :http://mafia.pearlabs.org
Version : 6 Full and Prior
Discovred By :Moroccan Security Research Team (Simo64)
IMPACT : Manipulation of data, System access

[+] Full Path Disclosure :
The problem is that it is possible to disclose the full path to 'big.php','upgrade.php' by accessing
directly.

Exemple:

http://localhost/moblog/big.php

Result :

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in
/home/simo64/www/moblog/templates/match plus/big.php on line 54

[+] SQL Injection :

Input passed to 'img' parameters in 'big.php' is not properly sanitised
before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.

[-] Vulnerable Code in 'templates/match plus/big.php' :

52 $query = "SELECT * FROM $table WHERE id=$img";
53 $result = mysql_query($query);
54 $row = mysql_fetch_row($result);

[-] Exploit : http://localhost//moblog/big.php?img=[SQL]&pg=1

[+]Contact : [email protected] [Moroccan Security Team]

JSON