My Kazaam Notes Management System - Multiple Vulnerabilities

EDB-ID:

14325

CVE:

2010-4985 2010-4984

EDB Verified:

Author:

L0rd CrusAd3r

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2010-07-10

Vulnerable App:

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title: My Kazaam Notes Management System Multiple Vulnerability
Vendor url:http://www.mykazaam.com
Version:1
Published: 2010-07-11
Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,
Sai, KD, M4n0j.
Special Greetz: Topsecure.net, inj3ct0r Team ,Andhrahackers.com
Shoutzz:- To all ICW members.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:

Use as an order tracking system with Message confirmed, as a progress chart
or an online diary. Operates with file numbers to separate entries

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

Enter the attack parameter on the "Enter Refernce Number Below" Text box

*SQLi Vulnerability

DEMO URL :

http://server/path/notes.php[sqli]

*XSS Vulnerability

DEMO URL:

http://server/path/notes.php[xss]

*HTML Vulnerability

DEMO URL:

http://server/path/notes.php[html]


# 0day n0 m0re #
# L0rd CrusAd3r #


-- 
With R3gards,
L0rd CrusAd3r

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services