- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 14325
- Проверка EDB
-
- Пройдено
- Автор
- L0RD CRUSAD3R
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2010-4985 cve-2010-4984
- Дата публикации
- 2010-07-10
Код:
Author: L0rd CrusAd3r aka VSN [[email protected]]
Exploit Title: My Kazaam Notes Management System Multiple Vulnerability
Vendor url:http://www.mykazaam.com
Version:1
Published: 2010-07-11
Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,
Sai, KD, M4n0j.
Special Greetz: Topsecure.net, inj3ct0r Team ,Andhrahackers.com
Shoutzz:- To all ICW members.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:
Use as an order tracking system with Message confirmed, as a progress chart
or an online diary. Operates with file numbers to separate entries
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Vulnerability:
Enter the attack parameter on the "Enter Refernce Number Below" Text box
*SQLi Vulnerability
DEMO URL :
http://server/path/notes.php[sqli]
*XSS Vulnerability
DEMO URL:
http://server/path/notes.php[xss]
*HTML Vulnerability
DEMO URL:
http://server/path/notes.php[html]
# 0day n0 m0re #
# L0rd CrusAd3r #
--
With R3gards,
L0rd CrusAd3r- Источник
- www.exploit-db.com
