Home / os / win7

[webapps / 0day] - FAQMasterFlex 1.2 SQL Injection Vulnerabi

Posted on 04 October 2010

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html xmlns='http://www.w3.org/1999/xhtml'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><meta http-equiv='Content-Language' content='en' /><title>FAQMasterFlex 1.2 SQL Injection Vulnerability | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title><meta name='description' content='FAQMasterFlex 1.2 SQL Injection Vulnerability by cyb3r.anbu in webapps / 0day | Inj3ct0r - exploit database : vulnerability : 0day : shellcode' /><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon' /><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss' /><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></head><body><pre>=============================================
FAQMasterFlex 1.2 SQL Injection Vulnerability
=============================================

# Author: [cyb3r.anbu]
# Software Link: [http://www.lethalpenguin.net/design/faqmasterflex.php]
# Version: [1.2]
# Tested on: [Ubuntu]
 
thx:modpr0be,oebaj,bpdp,wamika crew-
 
Bugs found on faq.php :
--snip--
&lt;p&gt;&lt;a href=&quot;&lt;?php echo
&quot;$_SERVER[PHP_SELF]?print=true&amp;cat_name=$cat_name&amp;category_id=$category_id&quot;
?&gt;&quot;&gt;Print FAQs&lt;/a&gt;&lt;/p&gt;
    &lt;table width=&quot;100%&quot; border=&quot;0&quot; cellpadding=&quot;8&quot; cellspacing=&quot;0&quot;&gt;
        &lt;?php
                include &quot;faq_config.php&quot;;
                $result = mysql_query(&quot;SELECT * FROM faqs WHERE category_id
= &#039;$category_id&#039;&quot;) or die(mysql_error());
                while ($row = mysql_fetch_array($result)) {
--snip
 
PoC:
http://victim/FAQMasterFlex/faq.php?print=true&amp;cat_name=cinema&amp;category_id=[validid][SQL
Injection]
 
thanks for your attention,
 
regrads,
cyb3r.anbu


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-10-04]</pre></body></html>

 

TOP

Malware :

Exploits :