Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:18661
HistoryDec 22, 2009 - 12:00 a.m.

paFileDB 3.1 XSS Redirect Vulnerability

2009-12-2200:00:00
Root
www.seebug.org
21
JSON

No description provided by source.


                                                [*]##############################################
[+] |____ViRuS_HiMa@YouR SyS__|__\              #
[+] |______________________|___||\*___          #
[+] |______________________|___||""|"*\___,     #
[+] |______________________|___||""|*"|___||    #
[+] "([ (@)''(@)""""""(|*(@)(@)********(@)*     #
[+]======================================================================||
[*] Title       : paFileDB 3.1 Xss Vuln as Redirecting Method .          ||
[!] Author      : ViRuS_HiMa                                             ||
[!] My Site     : wWw.HeLL-z0ne.org                                      ||
[!] E-Mail      : eGypT_GoVeRnMenT[at]HoTmaiL[dot]CoM                    ||
[!] Location    : Null,Null,Data+From+Egypt+Where+City_Name=Cairo--      ||
[!]======================================================================||
[!]                      [H]eL[L] [Z]on[E] [C]re[W]                      ||
[!]======================================================================||

   Description :

   paFileDB Is a web library witch allow you to upload & download files

   to your site , bla bla bla :p

   Bug :

   it was vulned be4 to upload your evil files , from :

   www.sitename.com/PfdPath/dload.php?action=user_upload

   some sites is asking you to register , , and others wasnt accept

   extensions except Images extensions , and more of problems .

   so we gonna use the same exploit but as xss method ,


   Enter the url , use this code :

  ">"">><meta http-equiv="Refresh" content="0;url=http://hell-z0ne.org">"">

   write the code in this fields :

   "File Name","Short Description","Long Description"

  and write any thing in the other fields ,

  in "Category" field you have to choose an category whech have the Negative mark "-"

  in  Screenshot field you can upload your phpshell ,

  if dosnt accept you can upload any image ,  what ever ,

  now press on Add File , Then go to :

  http://server/PfdPath/dload.php


  and enter the category where you post your xss code , ,

  cool its redirecting the site to your url that you put in the xss code

  http://hell-z0ne.org

  ">"">><meta http-equiv="Refresh" content="0;url=http://hell-z0ne.org">"">
[!]==============================================
[!] ya providor y2goog we m2goog 3amlen eh :p [!]
[!] Selamat Datang saudraku Black_Raptor :)   [!]
[!]=================================================================================
[!] Greatz : Providor,HcJ,ExH,Sina,Hakxer,oXide,Dr-Plus,Mo3tz,Prof.Selim,         [!]
[!]          X@Injector,Maestro-dz,Kasper-ksa,Qahtan-Sniper,Mr.G7eeM And ze Otherz[!]
[!]==================================================================================
JSON