PHP RPG version 0.8.0 appears to suffer from SQL injection and information disclosure vulnerabilities.
82606c7cdc6c253a2d398c5aa5215f03f2ad16e494c479fe212350a6f8aa3a9eBy Michael Brooks
Vulneralbity: Sql Injection and Session Information Disclosure.
Homepage:http://sourceforge.net/projects/phprpg/
Verison affected 0.8.0
There are two flaws that affect this applcation. A nearly vinnella login bypass issues affects phprpg. If magic_qutoes_gpc=off then this will login an attacker as the administrator using this:
username:1'or 1=1 limit 1/*
password:1
Keep in mind that magic_quotes_gpc is being removed in php6!
The second flaw allows an attacker to steal any session registered by phprpg by navigating to this directory:
http://localhost/phpRPG-0.8.0/tmp/
This is because phprpg has manually changed the directory using session_save_path() which is called in init.php on line 49.
Peace
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed