My Kazaam Notes Management System – Multiple Vulnerabilities

• Exploit Database
• 7 阅读

• 作者： L0rd CrusAd3r
  日期： 2010-07-10
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14325/

• Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
  Exploit Title: My Kazaam Notes Management System Multiple Vulnerability
  Vendor url:http://www.mykazaam.com
  Version:1
  Published: 2010-07-11
  Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,
  Sai, KD, M4n0j.
  Special Greetz: Topsecure.net, inj3ct0r Team ,Andhrahackers.com
  Shoutzz:- To all ICW members.
  ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
  Description:
  
  Use as an order tracking system with Message confirmed, as a progress chart
  or an online diary. Operates with file numbers to separate entries
  
  ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
  
  Vulnerability:
  
  Enter the attack parameter on the "Enter Refernce Number Below" Text box
  
  *SQLi Vulnerability
  
  DEMO URL :
  
  http://server/path/notes.php[sqli]
  
  *XSS Vulnerability
  
  DEMO URL:
  
  http://server/path/notes.php[xss]
  
  *HTML Vulnerability
  
  DEMO URL:
  
  http://server/path/notes.php[html]
  
  
  # 0day n0 m0re #
  # L0rd CrusAd3r #
  
  
  -- 
  With R3gards,
  L0rd CrusAd3r