Exploit Esoftpro Online Photo Pro 2 - Multiple Vulnerabilities

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
14205
Проверка EDB
  1. Пройдено
Автор
L0RD CRUSAD3R
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2010-4999
Дата публикации
2010-07-04
Код:
Exploit Title: Esoftpro Online Photo Pro Multiple Vulnerability
Vendor url:http://www.esoftpro.com/
Version:2
Author: L0rd CrusAd3r aka VSN [[email protected]]
Published: 2010-07-4
Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,
Sai, KD, M4n0j.
Special Greetz: Topsecure.net, inj3ct0r Team ,Andhrahackers.com
Shoutzz:- To all ICW members.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:

Online Photo Pro (formerly known as EPhoto PRO) is the state-of-the-art
online photo catalog that allows you to create a professional online catalog
in no time. It can be used as a Photo Gallery, Product Catalog, CD
Collection, Image Database or anything you can imagine. Online Photo Pro
features Auto Category & Photo Listing, Sorting, Independent Message Board
for each photo, Comprehensive Stats, Rating, Full Admin Interface and much
more.

With Online Photo Pro :-

    * No more manual file transfer
    * No more manual HTML code editing
    * No more complex files and directories
    * No more lack of interaction
    * No more boring static pages
    * ONE single script file handles UNLIMITED PHOTOS

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*SQL Vulnerability

DEMO URL:

http://server/OPP/index.php?section=[sqli]

*XSS Vulnerability

DEMO URL :

http://server/OPP/index.php?section=[xss]

*HTML Injection

DEMO URL:

http://server/OPP/index.php?section=[html]

# 0day n0 m0re #
# L0rd CrusAd3r #


-- 
With R3gards,
L0rd CrusAd3r
 
Источник
www.exploit-db.com

Похожие темы