Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:PHPAccess SQLi Vulnerability
Version:n/a
Vendor url:http://www.krizleebear.de
Published: 2010-06-09
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue™®, S1ayer,d3c0d3r and to all
ICW members
############################################################################################################
PHPAccess SQLi Vulnerability
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
############################################################################################################
Description:
PHPAccess allows you to easily safe your Website against unallowed access.
It offers an intuitive and easy-to-use user-interface that displays current
information and possible actions on one page.
You don't have to know anything about the complex unix-htaccess-system nor
do you have to create the .htaccess- / .htpasswd-files.
PHPAccess does this job for you. You even don't have to know the absolute
path to your website - PHP finds this information automatically.
With PHPAccess you can add, modify and delete the users that have access to
your data.
All you have to do is upload the PHPAccess-file, give it the correct
file-permissions (via ftp-proggie) and start PHPAccess in your web-browser.
###########################################################################################################
Vulnerability:
*SQLi Vulnerability
DEMO URL :http://server/phpaccess/dynamisch/index.php
