header-logo
Suggest Exploit
vendor:
PHPortfolio
by:
lionaneesh
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHPortfolio
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011

SQL Injection Vulnerbility in PHP Portfolio

A hacker can get admin access to web database leading to further attacks, Shelling and Rooting of server. The POC is http://[sitename]/[pathToApplication]/photo.php?id=%InjectHere%. For example, http://site.com/work/photo.php?id=%injectHere%19

Mitigation:

Input validation and sanitization should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

# Exploit Title: SQL Injection Vulnerbility in PHP Portfolio
# Google Dork: "Powered by PHPortfolio"
# Date: 23/5/2011
# Author: lionaneesh
# Software Link: http://outshine.com/phportfolio/ http://www.outshine.com/software/phportfolio/intro.php
# Risk Level : High
# A hacker can get admin access to web database leading to further
attacks , Shelling and Rooting of server

POC :-

http://[sitename]/[pathToApplication]/photo.php?id=%InjectHere%


Sample :-

http://site.com/work/photo.php?id=%injectHere%19

--------------------------------------------------------------------------------
================================================================================
lionaneesh

Catch my News : http://www.thehackernews.com/search?q=lionaneesh

Greetz to : lucky(indishell) , Aasim Shaikh(indishell) , Team
Indishell , Team ICA

Hack For INDIA , Live for INDIA

================================================================================
--------------------------------------------------------------------------------

-- 
Thanks
Aneesh Dogra (lionaneesh)

Navigation

Suggest Exploit

Services By CQR