PHP Gift Registry 1.5.5 SQL Injection

PHP Gift Registry 1.5.5 SQL Injection: Posted Feb 24, 2012; Authored by G13; PHP Gift Registry version 1.5.5 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, php, registry, sql injection; advisories | CVE-2012-2236; SHA-256 | 4ac4aa8616e0e3980f8f8d7134ddd0f3313c957f363637fe93a4bd2f1459d278; Download | Favorite | View

PHP Gift Registry 1.5.5 SQL Injection

# Exploit Title: PHP Gift Registry 1.5.5 SQL Injection
# Date: 02/22/12
# Author: G13
# Software Link: https://sourceforge.net/projects/phpgiftreg/
# Version: 1.5.5
# Category: webapps (php)
#

##### Vulnerability #####

The userid parameter in the users.php file is vulnerable to SQL Injection.

A user must be signed in to exploit this.

##### Vendor Notification #####

02/22/12 - Vendor Notified
02/24/12 - No response, disclosure

##### Exploit #####

http://localhost/phpgiftreg/users.php?action=edit&userid=[SQLi]

Top Authors In Last 30 Days

Red Hat 419 files
Ubuntu 107 files
Debian 30 files
Rahad Chowdhury 21 files
BugsBD Limited 21 files
Gentoo 18 files
tmrswrr 12 files
Google Security Research 7 files
Ph0s 5 files
R0ckE7 5 files

File Archives

Systems

AIX (429)
Apple (2,037)
BSD (375)
CentOS (57)
Cisco (1,926)
Debian (6,914)
Fedora (1,692)
FreeBSD (1,246)
Gentoo (4,379)
HPUX (880)
iOS (363)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (47,896)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (486)
RedHat (14,654)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,152)
UNIX (9,340)
UnixWare (187)
Windows (6,609)
Other

PHP Gift Registry 1.5.5 SQL Injection

PHP Gift Registry 1.5.5 SQL Injection

File Archive:

December 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

PHP Gift Registry 1.5.5 SQL Injection

Share This

PHP Gift Registry 1.5.5 SQL Injection

File Archive:

December 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems