Today I finished 'version 4' of one of my Python projects: a PHP source code scanner.
I decided to run it against some simple web application.
Found one, of course, at sourceforge.net: phpMiniAdmin (1.7.110429).
Within a few seconds the program found a few interesting possible vulnerabilities in the scanned PHP.
One from the list is a possible SQL injection attack:
--- cut phpminiadmin.php (line 130) ---
function do_sql($q){
--- cut ---
So for a quick test, set $q to some'thing and see what happens:
http://localhost//phpminiadmin.php?XSS=4F4B12d3aEBa4ba&q=%'hereissql
Another one is improper validation of the same parameter ($q), but this time it is XSS:
I know this web application isn't something like Fusion CMS etc... I'm just happy the code is working ;)
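A sketch of the kind of check a source scanner like this performs, added here as an illustration; it is not the author's scanner and not phpMiniAdmin code. The sink and sanitiser lists and the PHP sample are assumptions constructed for the example; only the do_sql($q) name comes from the post.

```python
import re
SOURCES = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")
ASSIGN = re.compile(r"^\s*(\$\w+)\s*=\s*(.+?);\s*$")
VAR = re.compile(r"\$\w+")
# kind -> (sink pattern, functions treated as neutralising for that sink); assumed lists
SINKS = {
    "sqli": (re.compile(r"\b(?:mysql_query|mysqli_query|do_sql)\s*\((.*)\)"),
             ("intval", "mysql_real_escape_string", "mysqli_real_escape_string")),
    "xss": (re.compile(r"\b(?:echo|print)\b(.*);"),
            ("intval", "htmlspecialchars", "htmlentities")),
}

def _dirty(expr, sanitizers, tainted):
    # Remove arguments wrapped in an accepted sanitiser, then look at what is left.
    for fn in sanitizers:
        expr = re.sub(rf"\b{fn}\s*\([^()]*\)", "", expr)
    return bool(SOURCES.search(expr)) or any(v in tainted for v in VAR.findall(expr))

def scan(php):
    # Returns [(line_no, kind)] where request data reaches a sink unsanitised.
    tainted = {kind: set() for kind in SINKS}   # taint is tracked per sink kind
    findings = []
    for no, line in enumerate(php.splitlines(), 1):
        if line.lstrip().startswith("function "):
            continue                             # a definition is not a call
        for kind, (sink, sanitizers) in SINKS.items():
            m = sink.search(line)
            if m and _dirty(m.group(1), sanitizers, tainted[kind]):
                findings.append((no, kind))
        a = ASSIGN.match(line)
        if a:                                    # propagate or clear taint on assignment
            for kind, (_, sanitizers) in SINKS.items():
                if _dirty(a.group(2), sanitizers, tainted[kind]):
                    tainted[kind].add(a.group(1))
                else:
                    tainted[kind].discard(a.group(1))
    return findings

# Constructed PHP input for the example (not phpMiniAdmin code).
SAMPLE = '''<?php
$q = $_REQUEST['q'];
$id = intval($_GET['id']);
$safe = htmlspecialchars($q);
echo "<b>" . $safe . "</b>";
echo "Query: " . $q;
do_sql($q);
mysql_query("SELECT * FROM t WHERE id=" . $id);
mysql_query("SELECT * FROM t WHERE name='" . $safe . "'");'''
```

scan(SAMPLE) flags the unescaped echo on line 6 and the SQL sinks on lines 7 and 9. The value passed through htmlspecialchars is accepted for output but still flagged when it reaches a query, because HTML escaping does not neutralise SQL.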