My Kazaam Notes Management System SQL Injection / Cross Site Scripting

🗓️ 13 Jul 2010 00:00:00Reported by L0rd CrusAd3rType

packetstorm🔗 packetstormsecurity.com👁 27 Views

My Kazaam Notes Management System Multiple Vulnerability. Use order tracking system with message confirmed, progress chart or online diary. Operates with file numbers to separate entries

`Author: L0rd CrusAd3r aka VSN [[email protected]]  
Exploit Title: My Kazaam Notes Management System Multiple Vulnerability  
Vendor url:http://www.mykazaam.com  
Version:1  
Published: 2010-07-11  
Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,  
Sai, KD, M4n0j.  
Special Greetz: Topsecure.net, inj3ct0r Team ,Andhrahackers.com  
Shoutzz:- To all ICW members.  
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~  
Description:  
  
Use as an order tracking system with Message confirmed, as a progress chart  
or an online diary. Operates with file numbers to separate entries  
  
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~  
  
Vulnerability:  
  
Enter the attack parameter on the "Enter Refernce Number Below" Text box  
  
*SQLi Vulnerability  
  
DEMO URL :  
  
http://server/path/notes.php[sqli]  
  
*XSS Vulnerability  
  
DEMO URL:  
  
http://server/path/notes.php[xss]  
  
*HTML Vulnerability  
  
DEMO URL:  
  
http://server/path/notes.php[html]  
  
  
# 0day n0 m0re #  
# L0rd CrusAd3r #  
  
  
--   
With R3gards,  
L0rd CrusAd3r  
  
`

13 Jul 2010 00:00Current

0.6Low risk

Vulners AI Score0.6