https://www.exploit-db.com/exploits/23064
https://www.securityfocus.com/bid/82731
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200310-059

global.php3ofAttilaPHP3.0版本和可能早期的版本存在SQL注入漏洞。远程攻击者可以通过modifiedcook_id参数绕过验证。

source: http://www.securityfocus.com/bid/8502/info

An SQL injection vulnerability has been reported in Attila PHP that could allow an attacker to gain unauthorized privileged access to a target site. This could be accomplished by requesting a URI including parameters designed to influence the results of specific user verification checks. Privileged access to a site implementing Attila PHP could allow an attacker to gain sensitive information or launch other attacks. 

Set the URI parameter "cook_id" to the value "0 OR visiteur=1" in a request to
http://www.example.org/index.php3

Attila-Php.Net Attilaphp 3.0

来源:VULNWATCH
名称:20030826[PHP]AttilaPHP3.0:User/AdminAccess
链接:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0090.html