[ home ]  [ private ]  [ 0Day ]  [ discount ]  [ Get Gold ]  [ platforms ]  [ pentest ]  [ search ]  [ faq ]  [ contact ]  [ style ]  [ Prices in Gold ]   db: 39 581    
0day Today Exploit DB Official Facebook
0day Today Exploit DB Official Twitter
0day Today Exploit DB Official RSS Channel
Tor
We DO NOT use Telegram or any messengers / social networks!
We DO NOT use Telegram or any messengers / social networks!

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

 
0day.today - Biggest Exploit Database in the World.
Select your language:  
English
English
Русский
Русский
Deutsch
Deutsch
Türkçe
Türkçe
Français
Français
Italiano
Italiano
Español
Español
Romania
Romania
Polskie
Polskie
العربية
العربية
Japan
Japan
China
China
Things you should know about 0day.today:
  • We use one main domain: http://0day.today
  • Most of the materials is completely FREE
  • If you want to purchase the exploit / get V.I.P. access or pay for any other service,
    you need to buy or earn GOLD
We accept currencies: [contact admin to find more]
           
We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks! We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
I am registered user of 0day.today. I don't want to see this screen in future.
What to do first?
  1. Read the [ agreement ]
  2. Read the [ Submit ] rules
  3. Visit the [ faq ] page
  4. [ Register ] profile
  5. Get [ GOLD ]
  6. If you want to [ sell ]
  7. If you want to [ buy ]
  8. If you lost [ Account ]
  9. Any questions [ admin@0day.today ]


Main links


You can contact us by

Mail:
mr.inj3ct0r@gmail.com
Facebook:
Inj3ct0rs
Twitter:
Inj3ct0r
Telegram:
We DO NOT use Telegram or any messengers / social networks!
[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
Mail:
mr.inj3ct0r@gmail.com
Facebook:
Inj3ct0rs
Twitter:
Inj3ct0r
Telegram:
We DO NOT use Telegram or any messengers / social networks!
0day Today Exploits Market and 0day Exploits Database

Funeral Script PHP Cross Site Scripting / SQL Injection

Author
snup
Risk
[
Security Risk Critical
]
0day-ID
0day-ID-18971
Category
web applications
Date add
12-07-2012
Platform
php
Funeral Script PHP - Multiple Web Vulnerabilites

Introduction:
=============
At your request and for a reasonable price, we may add or change features on the Funeral Script PHP. Funeral Script PHP 
requires PHP 4.3 or higher and MySQL 3 or higher to run on your server. Please make sure that your webserver meet 
this PHP / MySQL requirements.

Funeral Script PHP features:

    One step installation wizard
    Password protected admin area with multiple options and features that you can control
    Ability to add non-administrative content editors - separate administrative functions from content management
    Easily add images with automatic thumbnailing and image resizing
    Ability to add additional images in content using WYSIWYG editor
    Option to add youtube videos
    Full language, label, text, and header editing options
    Fully customizable look and feel without touching script code
    Easily customize and drop into your current website design
    Supports any language
    Can literally be dropped into your current site and usable in minutes, not hours or days
     Share This  button option
    Set number of obituaries per page
    Sort the order of comments in the GuestBook
    Option to ban unwanted words in the GuestBook
    Prevention of HTML and Javascript injections
    Choose between two anti-spam captcha images - simple and reCaptcha
    Option to approve comments before having them listed
    Email notification for the new comments
    RSS Feed with images, validated by w3c

( Copy of the Vendor Homepage: http://www.funeralscriptphp.com )

Details:
========
1.1
Multiple SQL Injection vulnerabilities  are detected in the Funeral Script PHP Content Management System.
The vulnerability allows an attacker (remote) or local low privileged user account to inject/execute own sql commands 
on the affected application dbms without user inter action. The vulnerabilities are located in the funeral_script.php 
& admin.php files and the bound vulnerable parameters orderBy, orderType & hide_cat. Successful exploitation of the 
vulnerability results in dbms & application compromise. 

Vulnerable File(s):
      [+] admin.php

Vulnerable Parameter(s):
      [+] orderBy
      [+] orderType
      [+] hide_cat



1.2
Multiple non persistent cross site scripting vulnerabilities are detected in the Funeral Script PHP Content Management System.
The vulnerability allows remote attackers to hijack website customer, moderator or admin sessions with medium or high 
required user inter action or local low privileged user account. Exploitation requires low user inter action or low 
privileged application user account. The bugs are located in the admin.php & funeral_script.php files with the bound 
vulnreable parameters orderBy, search, orderType, p, hide_cat & obit_id. Successful exploitation can result in account 
steal, phishing & client-side content request manipulation.

Vulnerable File(s):
      [+] admin.php
      [+] funeral_script.php

Vulnerable Parameter(s):
      [+] orderBy
      [+] search
      [+] orderType
      [+] obit_id
      [+] p
      [+] hide_cat


Proof of Concept:
=================
1.1
The sql injection vulnerabilities can be exploited by remote attackers with privileged application user account & without
required user inter action. For demonstration or reproduce ...

PoC:
http://127.0.0.1:80/37/funeral_script.php?hide_cat=[SQL-INJECTION]
http://127.0.0.1:80/37/funeralscript/admin.php?act=obituaries&orderType=[ASC/DESC]&search=&orderBy=[SQL-INJECTION]
http://127.0.0.1:80/37/funeralscript/admin.php?act=comments&obit_id=&orderType=[ASC/DESC]&search=&orderBy=[SQL-INJECTION]
http://127.0.0.1:80/37/funeralscript/admin.php?act=comments&obit_id=&orderType=[SQL-INJECTION]
http://127.0.0.1:80/37/funeralscript/admin.php?act=obituaries&orderType=[SQL-INJECTION]


1.2
The non-persistent cross site scripting vulnerabilities can be exploited by remote attackers with medium or high required 
user inter action. For demonstration or reproduce ...

PoC:
http://127.0.0.1:80/37/funeralscript/admin.php?act=obituaries&orderType=[ASC/DESC]&search=&orderBy=[Cross Site Scripting]
http://127.0.0.1:80/37/funeralscript/admin.php?act=obituaries&orderType=[ASC/DESC]&search=[Cross Site Scripting]
http://127.0.0.1:80/37/funeralscript/admin.php?act=obituaries&orderType=[Cross Site Scripting]
http://127.0.0.1:80/37/funeralscript/admin.php?act=comments&obit_id=&orderType=[ASC/DESC]&search=&orderBy=[Cross Site Scripting]
http://127.0.0.1:80/37/funeralscript/admin.php?act=comments&obit_id=[Cross Site Scripting]&orderType=[ASC/DESC]&search=[Cross Site Scripting]
http://127.0.0.1:80/37/funeralscript/admin.php?act=comments&obit_id=&orderType=[Cross Site Scripting]
http://127.0.0.1:80/37/funeralscript/admin.php?act=comments&obit_id=-1%[Cross Site Scripting]


http://127.0.0.1:80/37/funeral_script.php?id=1&p=[Cross Site Scripting]%3C&search=[Cross Site Scripting]
http://127.0.0.1:80/37/funeral_script.php?hide_cat=[Cross Site Scripting]


Risk:
=====
1.1
The security risk of the sql injection vulnerabilities are estimated as high(+).

1.2
The security risk of the non-persistent cross site scripting vulnerabilities are estiamted as low(+).



#  0day.today [2024-11-14]  #
0day Today Exploit Database buy and sell exploits type (local, remote, DoS, PoC, etc.)
Send all submissions to mr.inj3ct0r[at]gmail.com
Copyright © 2008-2024 0day Today Team