Sijio Community Software – SQL Injection / Persistent Cross-Site Scripting

• Exploit Database
• 13 阅读

• 作者： Sid3^effects
  日期： 2010-07-07
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14260/

• ########################################################
  # I'm SiD3^effects member from Inj3ct0r Team #
  #Support e-mail: submit[at]inj3ct0r.com#
  ########################################################
  Name : Sijio Community Software SQLi/Persistent XSS Vulnerability
  Date : july, 7 2010
  Critical Level 	: HIGH
  Vendor Url : http://www.sijio.com/
  Google Dork: © Powered by sijio - Community Software
  Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
  special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
  greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz 
  #######################################################################################################
  Xploit:SQLi Vulnerability 
  
  DEMO URL : http://server/gallery/?parent=[SQLi]
  ########################################################################################################
  Xploit:Persistent XSS Vulnerability
  
   The following script has persistent xss vuln in the blog section. 
  Step 1: Register :D 
  
  Step 2: Goto your blog section and post your new evil blog :P
  
  Demo url :http://server/my_blogs/
  
  Post your evil xss content in the blog section and the url is http://www.axlex.com/edit_blog/
  
  Attack Pattern :">><marquee><h1>XSS3d By Sid3^effects</h1><marquee> 
  Step 3 : Now goto the main page,check the blog section and the url is http://www.axlex.com/blogs/ and find your evil script:P
   
  The attacker can injected evil xss script in the blog section :D 
  ########################################################################################################
  # 0day no more 
  # Sid3^effects