PHP Bible Search 0.99 Multiple Vunerable

2010-07-03 / 2010-07-04
Credit: L0rd CrusAd3r aka VSN
Risk: High
Local: No
Remote: Yes
CVE: CVE-2010-2616 | CVE-2010-2617
CWE: CWE-89
CWE-79

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : Inj3ct0r.com 0 1 [+] Support e-mail : submit[at]inj3ct0r.com 1 0 0 1 ########################################## 1 0 I'm L0rd CrusAd3r member from Inj3ct0r Team 1 1 ########################################## 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com] Exploit Title:PHP Bible Search Multiple Vunerable Vendor url:http://phpbiblesearch.sourceforge.net/ Version:1 Published: 2010-06-29 Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j. Special Greetz: www.Topsecure.net, inj3ct0r Team ,Andhrahackers.com Shoutzz:- To all ICW members. ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~ Description: PHP Bible Search provides a PHP script that is capable of searching a MySQL version of the Holy Bible. It aims to be flexible in search types available, and thereby provide something very useful in finding texts in the Bible. Code: PHP 4.0 ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~ Vulnerability: *SQLi Vulnerability DEMO URL : http://phpbiblesearch.sourceforge.net/bible.php?string=&book=2&chapter=[sqli] *XSS Vulnerability DEMO URL: http://phpbiblesearch.sourceforge.net/bible.php?string=&book=2&chapter=[xss] # 0day n0 m0re # # L0rd CrusAd3r #

References:

http://xforce.iss.net/xforce/xfdb/59843
http://www.securityfocus.com/bid/41197
http://www.packetstormsecurity.com/1006-exploits/phpbiblesearch-sqlxss.txt


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top