
gov.ar SQL injection and XSS

Author: GeNeRaL , Published: 22-09-2015
[#]Exploit Title: gov.ar SQL injection and XSS
[~]Google Dorks: Search on this IP (200.51.83.137)
[#]Date: 11/9/2015
[~]Exploit Author: GeNeRaL
[#] Platform: (WebApps)
{-} Affected Webs/Versions : All Webs on this IP (200.51.83.137)
-----------------------------------------------------------------------------------
[#]Vulnerability : SQL injection
[~]SQL Bug / Injection : Find any file with ?id= and simply add '. All files are vulnerable.
[~] Injection Types: Blind / Integer
*********
[#]Examples :
****************
http://localhost/index.php?id=*
*
http://localhost//ficha.php?id=*
*
http://localhost/page.php?id=*
-----------------------------------------------------
[#]Vulnerability: Cross Site Scripting
[~] XSS : find pages with (page/search/result).php on the IP (200.51.83.137)
{#} info : use HackBar to get the xss
-----------------------------------------------------------------------------------
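Added example, not part of the original advisory: a hardened PHP handler for the integer ?id= pattern reported above, with the output encoding relevant to the XSS finding. Table, column and function names are hypothetical, the data is constructed, and the in-memory SQLite database (pdo_sqlite) is assumed only so the example runs offline.

```php
<?php
// Added example: hardened handling of an integer ?id= parameter.
// Table, column and function names are hypothetical; sample rows are constructed.

function load_page(PDO $db, $rawId): ?array
{
    // Accept only a positive decimal integer. Inputs such as "1'" or
    // "1 OR 1=1", and array input (?id[]=), all yield false here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Bound parameter: the value is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT title, body FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function render_page(?array $page): string
{
    if ($page === null) {
        // Same generic response for rejected input and missing rows, so the
        // page gives no true/false signal and no database error detail.
        return '<h1>Not found</h1>';
    }
    // Encode on output so markup in the data is displayed as text.
    $e = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h1>' . $e($page['title']) . '</h1><p>' . $e($page['body']) . '</p>';
}

// Constructed in-memory database (requires the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO pages VALUES (1, 'Routes', 'Timetable <b>2015</b>')");

// Constructed inputs: one valid id, three rejected values, one unknown id.
foreach (['1', "1'", '1 OR 1=1', '-1', '99'] as $input) {
    echo str_pad(var_export($input, true), 14), ' => ',
         render_page(load_page($db, $input)), PHP_EOL;
}
```

Only the input '1' renders the stored row, with its <b> tag HTML-encoded; every other input gets the same "Not found" response.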
{#}Demo :
http://www.transporte.mendoza.gov.ar/page.php?id=176'
-----------------------------------------------------------------------------------
{#} Contact :
FB-Profile: www.facebook.com/profile.php?id=100009922878711
FB-Page: www.facebook.com/DigitalHackers
FB-Group: www.facebook.com/groups/Asyad.Hackers
-----------------------------------------------------------------------------------
{-} GreetZ :
[#] Y0ussefHesham - Anas Salah - HaxStorke - CyperPs - Sh4D0W_H4X0R - Plastyne - Kuroi'SH - Razor X Blade - k3nshi
[#] Digital Hackers Team , Russian Hackers Team , Cybernetic Crew Team
