Avsarsoft Matbaa Script - Multiple Vulnerabilities
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Avsarsoft Matbaa Script - Multiple Vulnerabilities
- From: ZoRLu Bugrahan <zorlu@xxxxxxxxxxxx>
- Date: Thu, 23 Apr 2015 15:49:22 +0300
Hi guys,
Avsarsoft Matbaa Script - Multiple Vulnerabilities
Thanks,
ZoRLu
#Title : Avsarsoft Matbaa Script - Multiple Vulnerabilities
#Author : ZoRLu / zorlu@xxxxxxxxxxxx
#Website : milw00rm.com / milw00rm.net / milw00rm.org
#Twitter : https://twitter.com/milw00rm or @milw00rm
#Test : Windows7 Ultimate
#Discovery : 15/04/15
#Publish : 23/04/15
#Thks : exploit-db.com, packetstormsecurity.com, securityfocus.com,
sebug.net, cxsecurity.com and others
#BkiAdam : Dr.Ly0n, KnocKout, LifeSteaLeR, Nicx
#Demo : http://avsarsoft.com/matbaa/
#Demo User : sop08574@xxxxxxxxx
#Demo Pass : 123456
1) Remote File Upload Vulnerability
Go here:
localhost/path/index.php?Git=KartvizitTasarla
localhost/path/index.php?Git=BrosurTasarla
localhost/path/index.php?Git=DavetiyeTasarla
Then click "Resim Ekle",
select your PHP file and wait for the upload.
Then go here for your PHP file:
localhost/path/upload/file.php
2) Multiple XSS Vulnerabilities
Register on the site:
localhost/path/index.php?Git=UyeOl
Then log in:
localhost/path/index.php?Git=Uyelik
Then go here and add your XSS code:
localhost/path/index.php?Git=KontrolPaneli&Sayfa=KisiselBilgilerim
localhost/path/index.php?Git=KontrolPaneli&Sayfa=AdresBilgilerim
localhost/path/index.php?Git=KontrolPaneli&Sayfa=Yorumlar
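
Defensive counterpart to the two findings above, as an added example that is not part of the original post and is not Avsarsoft's code: a PHP upload handler that can never store a file under a .php name, plus output encoding for user-supplied profile fields. The function names, the "resim" form field and the storage directory are assumptions.

```php
<?php
// Added example; store_uploaded_image(), e() and the 'resim' field are hypothetical names.
// Assumption: $destDir lies outside the web root, or the web server is
// configured not to execute scripts in it.

const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_IMAGE_BYTES = 2 * 1024 * 1024;

function store_uploaded_image(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an HTTP upload');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_IMAGE_BYTES) {
        throw new RuntimeException('size out of range');
    }
    // Decide the type from the content, never from the client-supplied name or MIME type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_IMAGE_TYPES[$mime])) {
        throw new RuntimeException('type not allowed');
    }
    // The content must also parse as an image.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }
    // Server-chosen name and extension: the client's file name is never used.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], $destDir . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// Encode user-supplied values (personal info, address, comments) when writing them into HTML.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Usage inside a request handler: $stored = store_uploaded_image($_FILES['resim'], $destDir);
```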