
Security Advisory: Multiple Vulnerabilities found in phpmysport v1.4

 

AMol NAik
Security Advisory: Multiple Vulnerabilities found in phpmysport v1.4
Mon Jan 11, 10 - 14:26

Hi,

I am Amol Naik, a security consultant and evangelist. During an assessment, I found multiple vulnerabilities in your application (phpmysport v1.4).

My Work: http://www.exploit-db.com/list.php?description=&author=amol

I have not received any response to the mail sent to djayp@users.sourceforge.net

1. Multiple SQL Injection:

Multiple SQL Injection instances exist in phpmysport v1.4 when "magic_quotes_gpc = OFF".

2. Unprotected Access to File Manager:

Access to the File Manager is unprotected, and by using dot-dot-slash (/../../) it is possible to view the directory structure of the target system.

 

Timeline:
Bug Discovered: 01/01/2010
Informed Vendor: 09/01/2010

For a PoC, feel free to contact me at amolnaik4[at]gmail.com.


Regards,
AMol NAik


AMol NAik
Security Advisory: Multiple Vulnerabilities found in phpmysport v1.4
Fri Jan 15, 10 - 05:37

I have not received any response to date.

I'm going to disclose this publicly on 18th Jan 2010.

 

AMol NAik


Jaap
Security Advisory: Multiple Vulnerabilities found in phpmysport v1.4
Mon Feb 08, 10 - 17:32

AMol NAik,

As it is your profession...

Are you willing to give us some tips for a safer use of the programme?


charly
Security Advisory: Multiple Vulnerabilities found in phpmysport v1.4
Sun Feb 28, 10 - 19:50

What he says is true, I have verified it myself; the developers are conspicuous by their absence, and although the program is good, it has many, many vulnerabilities.