Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

PhpList Sql Injection and Path Disclosure

from [thegreatone2176] Network Security [Permanent Link]
Subject: PhpList Sql Injection and Path Disclosure
Date: 28 Jul 2005 00:01:05 -0000 
-----------------------------------------
PhpList Sql Injection and Path Disclosure
-----------------------------------------

Vulnerabilities
---------------

1) There is an sql injection in the id parameter of 
public_html/lists/admin/?page=admin&id=INJECT HERE

2) Because of the heavy use of classes without proper checking of whether the 
script is directly called there is many path disclosures. The following pages 
are all affected under the preceding directory.

public_html/lists/admin:
about.php
connect.php
domainstats.php
usercheck.php

admin/commonlib/pages:
attributes.php
dbcheck.php
importcsv.php
user.php
usermgt.php
users.php

public_html/lists/admin/plugins:
helloworld.php
sidebar.php

public_html/lists/admin/plugsins/defaultplugin:
main.php

Solution
--------

1) cleanse the id parameter before processing

2) check to see if the script is being directly called and then have the script 
die

Credit
------

thegreatone2176@yahoo.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • PhpList Sql Injection and Path Disclosure, thegreatone2176 <=
Previous by Date:  Re: Getting round website authentication with Firefox, Nate Smith
Next by Date:  Re: PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities, at
Previous by Thread:  [Full-disclosure] [USN-155-2] Updated Epiphany packages to match Mozilla security update, Martin Pitt
Next by Thread:  Re: PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities, at
Indexes:  [Date] [Thread] [Top] [All Lists]