FAQMasterFlex 1.2 SQL注入漏洞

FAQMasterFlex一个FAQ系统,功能完备,界面简洁清新。FAQMasterFlex 1.2中的faq.php文件存在SQL注入漏洞,可能导致敏感信息泄露。

[+]info:
~~~~~~~~~
FAQMasterFlex 1.2 SQL Injection Vulnerability
# Author: [cyb3r.anbu]
# Software Link: [http://www.lethalpenguin.net/design/faqmasterflex.php]
# Version: [1.2]
# Tested on: [Ubuntu]
Bugs found on faq.php :
--snip--
<p><a href="<?php echo
"$_SERVER[PHP_SELF]?print=true&cat_name=$cat_name&category_id=$category_id"
?>">Print FAQs</a></p>
    <table width="100%" border="0" cellpadding="8" cellspacing="0">
        <?php
                include "faq_config.php";
                $result = mysql_query("SELECT * FROM faqs WHERE category_id
= '$category_id'") or die(mysql_error());
                while ($row = mysql_fetch_array($result)) {
--snip

[+]poc:
~~~~~~~~~
http://victim/FAQMasterFlex/faq.php?print=true&cat_name=cinema&category_id=[validid][SQLInjection]

[+]Reference:
~~~~~~~~~
http://www.exploit-db.com/exploits/15200

0 条评论

留下评论