PvPGN Webregister - Multiple Vulnerabilities

September 19, 2017 in PvPGN Hacking

Overview

I discovered 2 SQL injection vulnerabilities and 1 authenticated PHP injection vulnerability in PvPGN Webregister 0.4. I committed 2 patches fixing the issues.

SQL injection on “acct_email” POST parameter:

https://github.com/pvpgn/phputils/commit/776ec99f447a79eeae964524351e937cd5cb4100

SQL injection on “user” GET parameter, PHP injection on “username” POST parameter:

https://github.com/pvpgn/phputils/commit/61a48960607fe8aadc10cd6c7d64850c2192041d
