My Kazaam Notes Management System SQL Injection / Cross Site Scripting

Risk: High
Local: No
Remote: Yes

Author: L0rd CrusAd3r aka VSN [] Exploit Title: My Kazaam Notes Management System Multiple Vulnerability Vendor url: Version:1 Published: 2010-07-11 Greetz to:r0073r (, Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j. Special Greetz:, inj3ct0r Team , Shoutzz:- To all ICW members. ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~ Description: Use as an order tracking system with Message confirmed, as a progress chart or an online diary. Operates with file numbers to separate entries ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~ Vulnerability: Enter the attack parameter on the "Enter Refernce Number Below" Text box *SQLi Vulnerability DEMO URL : http://server/path/notes.php[sqli] *XSS Vulnerability DEMO URL: http://server/path/notes.php[xss] *HTML Vulnerability DEMO URL: http://server/path/notes.php[html] # 0day n0 m0re # # L0rd CrusAd3r # -- With R3gards, L0rd CrusAd3r


Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019,


Back to Top