vendor: Gridcc Script
by: ./Red-D3v1L
CVSS: 8,8 HIGH
SQL Injection and XSS
CWE: 89, 79
Product Name: Gridcc Script
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:gridcc:gridcc_script
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Gridcc Script 1.0 (SQL/XSS) Multiple Remote Vulnerabilities

Gridcc Script 1.0 is vulnerable to both SQL injection and cross-site scripting (XSS). Both vulnerabilities can be exploited by injecting malicious code into the 'id' parameter of the 'viewnote.php' script.

Mitigation:

Input validation should be used to prevent malicious code from being injected into the 'id' parameter of the 'viewnote.php' script.
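
The mitigation above, sketched as an added example (not Gridcc's code and not part of the original advisory): a viewnote.php-style handler that rejects any non-integer 'id', binds it as a query parameter, and HTML-encodes everything it outputs. The `notes` table, its columns, the helper names and the in-memory SQLite database are assumptions made so the example runs offline.

```php
<?php
declare(strict_types=1);

// Accept only a positive decimal integer; anything else is rejected, not "cleaned".
function parse_note_id($raw): ?int
{
    if (!is_string($raw) || !preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

// Bind the id as an integer parameter so it never becomes part of the SQL text.
// Table and column names are hypothetical; the page does not show Gridcc's schema.
function fetch_note(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT title, body FROM notes WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Encode on output so neither the request value nor stored text is parsed as HTML.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_note(PDO $db, $rawId): string
{
    $id = parse_note_id($rawId);
    if ($id === null) {
        http_response_code(400);
        return '<p>Invalid note id.</p>';   // the raw value is never echoed back
    }
    $note = fetch_note($db, $id);
    if ($note === null) {
        http_response_code(404);
        return '<p>Note not found.</p>';
    }
    return '<h1>' . h($note['title']) . '</h1><p>' . h($note['body']) . '</p>';
}

// Constructed demo: in-memory SQLite stands in for the application's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO notes VALUES (1812, 'Notes <v1>', 'Text & markup')");
foreach (['1812', '7', '1812x', '<1812>', ['1812']] as $raw) {
    echo json_encode($raw), ' => ', render_note($db, $raw), PHP_EOL;
}
```

In a deployed page the call would be `render_note($db, $_GET['id'] ?? null)`; the array case in the demo covers a request sent as `id[]=...`, which PHP delivers as an array rather than a string.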

Exploit-DB raw data:

+===================================================================================+
            ./SEC-R1Z   _ __ _  _ _ _ ___ _ _ _ _   __  _ _ _ _ _
            / /_ _ _ _ /   _ _\/   _ _ /\        \<   |/_ _ _ _ /
            \ \_ _ _ _/  /___ /  /   __  |  |)   / |  |   /   /
             \_ _ _ _/  /___ /  /  | __ ||      /  |  |  /   /
              _______\  \_ _ \  \2_0_0_9 |      \  |  | /   /____
            /_ _ _ _ _\ _ _ _/\ _ _ _ /  |__|\ __\ |__|/_ _ _ _ _\ R.I.P MichaelJackson !!!!!
+===================================================================================+

    [?] ~ Note : sEc-r1z CrEw# r0x !
==============================================================================
    [?] Gridcc Script 1.0 (SQL/XSS) Multiple Remote Vulnerabilities
==============================================================================
    [?] My home:              [ http://sec-r1z.com ]
    [?] Script:               [ Gridcc Script 1.0 ]
    [?] Language:             [ PHP ]
    [?] Vendor                [http://www.gridcc.org/viewnote.php?id=1812]
    [?] Founder:              [ ./Red-D3v1L ]
    [?] Gr44tz to:            [ sec-r1z# Crew - Hackteach Team - My L0ve ~A~ ]
    [?] Fuck To :             [ Zombie_KsA << big big big L4m3r ]
########################################################################

===[ Exploit XSS ]===

[?]Exploit : [Path]/viewnote.php?id=[XSS Vuln]

-------------------------------------------------------------------------------------------------

===[ Exploit SQL Injection ]===

[?]Exploit : [Path]/viewnote.php?id=[inject c0dE]


==============================================================================

#sEc-r1z.com Str1kEz y0u !