paFileDB 3.1 XSS Redirect Vulnerability

2009-12-22T00:00:00
ID SSV:18661
Type seebug
Reporter Root
Modified 2009-12-22T00:00:00

Description

No description provided by source.

[*]##############################################
[+] |____ViRuS_HiMa@YouR SyS__|__\              #
[+] |______________________|___||\*___          #
[+] |______________________|___||""|"*\___,     #
[+] |______________________|___||""|*"|___||    #
[+] "([ (@)''(@)""""""(|*(@)(@)********(@)*     #
[+]======================================================================||
[*] Title       : paFileDB 3.1 Xss Vuln as Redirecting Method .          ||
[!] Author      : ViRuS_HiMa                                             ||
[!] My Site     : wWw.HeLL-z0ne.org                                      ||
[!] E-Mail      : eGypT_GoVeRnMenT[at]HoTmaiL[dot]CoM                    ||
[!] Location    : Null,Null,Data+From+Egypt+Where+City_Name=Cairo--      ||
[!]======================================================================||
[!]                      [H]eL[L] [Z]on[E] [C]re[W]                      ||
[!]======================================================================||

   Description :

   paFileDB is a web library which allows you to upload & download files to your site, bla bla bla :p

   Bug :

   It was vulnerable before to uploading your evil files, from :

   www.sitename.com/PfdPath/dload.php?action=user_upload

   Some sites ask you to register, and others don't accept extensions except image extensions, and there are more problems.

   So we are going to use the same exploit, but as an XSS method.


   Open that URL and use this code :

  ">"">><meta http-equiv="Refresh" content="0;url=http://hell-z0ne.org">"">

   Write the code in these fields :

   "File Name","Short Description","Long Description"

   and write anything in the other fields.

   In the "Category" field you have to choose a category which has the negative mark "-".

   In the Screenshot field you can upload your phpshell;

   if it isn't accepted you can upload any image, whatever.

   Now press Add File, then go to :

  http://server/PfdPath/dload.php


  and enter the category where you posted your XSS code.

  Cool, the category page prints the stored fields as raw HTML, so it redirects the site to the URL that you put in the XSS code :

  http://hell-z0ne.org
[!]==============================================
[!] Hey Providor, Gog and Magog, how are you doing :p [!]
[!] Welcome, my brother Black_Raptor :)       [!]
[!]=================================================================================
[!] Greatz : Providor,HcJ,ExH,Sina,Hakxer,oXide,Dr-Plus,Mo3tz,Prof.Selim,         [!]
[!]          X@Injector,Maestro-dz,Kasper-ksa,Qahtan-Sniper,Mr.G7eeM And ze Otherz[!]
[!]==================================================================================
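
Added example, not part of the advisory or of paFileDB's code: a defensive audit that parses stored file entries and flags any HTML tag in the three fields the advisory names, extracting the target of a meta refresh when one is present. The row layout, the key names (file_name, short_desc, long_desc) and the sample rows are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Fields the advisory names as injectable; these key names are hypothetical.
AUDITED_FIELDS = ("file_name", "short_desc", "long_desc")

class _TagFinder(HTMLParser):
    """Collects every start tag and the target of any meta refresh."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.redirects = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content has the form "0;url=http://host/"
            _, _, rest = a.get("content", "").partition(";")
            key, _, url = rest.strip().partition("=")
            if key.strip().lower() == "url":
                self.redirects.append(url.strip())

def audit_row(row):
    """Return one finding per audited field that contains markup."""
    findings = []
    for field in AUDITED_FIELDS:
        finder = _TagFinder()
        finder.feed(row.get(field, ""))
        finder.close()
        if finder.tags:
            findings.append({"id": row.get("id"), "field": field,
                             "tags": finder.tags,
                             "redirects": finder.redirects})
    return findings

# Constructed sample rows. Row 2 carries the advisory's markup, pointed at a
# placeholder host; row 1 has harmless "<" and "&" that must not be flagged.
SAMPLE_ROWS = [
    {"id": 1, "file_name": "notes.zip", "short_desc": "Release notes v2 <3",
     "long_desc": "Fixes & improvements"},
    {"id": 2, "file_name": '">"">><meta http-equiv="Refresh" '
                           'content="0;url=http://redirect.invalid">"">',
     "short_desc": "ok", "long_desc": "ok"},
]

if __name__ == "__main__":
    for sample in SAMPLE_ROWS:
        for finding in audit_row(sample):
            print(finding)
```

Entries flagged this way were stored before any output encoding was in place, so they need to be cleaned or removed in addition to fixing how the listing page renders these fields.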