php-handicapper.txt

php-handicapper.txt: Posted Nov 3, 2005; Authored by BiPi_HaCk | Site NightmareTeAmZ.altervista.org; PHP HANDICAPPER is susceptible to cross site scripting, SQL injection, and other flaws. Details provided.; tags | exploit, php, xss, sql injection; SHA-256 | 2b6f990448729227c0ef62fc5049f14e49cdcabb515a207f26749fe31b402dc7; Download | Favorite | View

php-handicapper.txt

------------------------------------------------------
      Nightmare TeAmZ Advisory 013
------------------------------------------------------
Date -  10/2005
PHP HANDICAPPER Multiple Vulnerability


AFFECTED PRODUCTS
=================
PHP HANDICAPPER
http://www.phphandicapper.com


OVERVIEW
========
Out Of The Box Complete Website, Easily Automate Your Sports Picks / Sports 
Information Predictions. All sports - football,basketball,boxin g,baseball, 
college, pro etc. Offer your services like daily, weekly or seasonal 
selections. Payments to you and member process is automated. Detail your 
plays like side,total parlay, time of event,comments and more. Auto-tracking 
of wins and losses. There are built in live scores, Faq's,free picks page, 
and full control of the sites look with header, built in html editor, and 
logo manager. Members login has details of their account service(s) ordered, 
picks, and messages to them. Services expire but members dont, so they can 
always purchase more picks on their account. Online Demo, Optional Free 
Installation And Free Hosting Available.

Vulnerability:
========
1.Sql Injection
2. Xss
3.CRLF injection

Overwiew:
========
1.
An unauthenticated attacker may execute arbitrary SQL statements on the 
vulnerable system. This may compromise the integrity of your database and 
expose sensitive information
2.
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into 
a vulnerable application to fool a user in order to gather data from them.
3.
This script is possible vulnerable to CRLF injection attacks. Is it possible 
for a remote attacker to inject custom HTTP headers.

Exemple:
========
1.
http://www.phphandicapper.com/front//process_signup.php?serviceid=[SQL]
2.
http://www.phphandicapper.com/front/msg.php?msg=[XSS]
3.
http://www.phphandicapper.com/front//process_signup.php?login=[CRLF]


Solution:
=========
1. Venditor Not Contacted


Credits
=======
This vulnerability was discovered and researched by
BiPi_HaCk of Nightmare TeAmZ
We're: BiPi_HaCk - r3d_4Ss4ult3r - Sub_Z3r0
Site: http://www.NightmareTeAmZ.altervista.org <--IT Security Forum

_________________________________________________________________
Ricerche online più semplici e veloci con MSN Toolbar! 
http://toolbar.msn.it/

Top Authors In Last 30 Days

Red Hat 233 files
Ubuntu 87 files
Gentoo 31 files
Debian 20 files
tmrswrr 9 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Jerry Thomas 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,081)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,414)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,315)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,668)
UNIX (9,427)
UnixWare (187)
Windows (6,666)
Other

php-handicapper.txt

php-handicapper.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

php-handicapper.txt

Share This

php-handicapper.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems