<<< Date Index >>>     <<< Thread Index >>>

SQL IN PortailPHP



Class:  Input Validation Error  
CVE:  CVE-MAP-NOMATCH 
Remote:  Yes 
Local: yes
Credit: ABDUCTER   ---> ABDUCTER_MINDS@xxxxxxxxx [OR] 
ABDUCTER_MINDS76@xxxxxxxxxxx
Vulnerable: PortailPHP 2.4 and all version
***************************************

info :- PortailPHP POWERFUL FORUM AND formal site http://www.portailphp.com/
  there is sql in index.php
***************************************

discussion :- sql in indwx.php make an error in database and appear full path 
informathion like
that (Warning: mysql_result(): Unable to jump to row 0 on MySQL result index 34 
in /home/httpd/vhosts/***/httpdocs/portailphp/mod_forum/read_mess.php on line 
14)
****************************************

exploit:- index.php?affiche=Forum-read_mess&id=[sql]
         example 
www.victim.com/portailphp/index.php?affiche=Forum-read_mess&id='
*****************************************
CREDITS :- FOR ALL ARAB {EGYPT}
           WWW.S4A.CC
           TO MY LOVE (N0N0)