Word Directory Script 2.1 Cross Site Scripting / SQL Injection

Word Directory Script version 2.1 suffers from cross site scripting and remote SQL injection vulnerabilities.


MD5 | 698c9bc8ebe456fe94e0c04618366425

################################################
#Title: Word Directory Script v 2.1 - Cross Site Scripting / SQL Injection
#Credit: Bilal KARDADOU
#Vendor: http://www.phponly.com/
#Vendor URL: http://www.phponly.com/words.html
#Product: Word Directory Script v 2.1
#Google Dork: N/A
################################################
#
# Product & Service Introduction:
#
# "Word Directory Script"
# The big difference between this directory and the others,
# is that this one has a user statistic where users can login and see how
# many hits their words have received.
# This word directory offers you better features than any other.
# Listings cannot be submitted until payment has been received.
#
# [POST Method]
# http://localhost/words/submitword.php
# Data: name=[SQL]Tebi&client_mail=demo%40demo.com[SQL]&url=http%3A%2F%2Fwww.google.com[SQL]&word=tebi&size=15[SQL]&is_bold=1&color=%230000FF&title=aaaaaa[SQL]&terms_accepted=1&buyword=
#
# PoC:
# http://prntscr.com/evwcwr
# http://prntscr.com/evwejp
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/
################################################
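A hardened handler for the POST fields listed in the advisory, as an added example that is not the vendor's code: each field is validated by type, stored through PDO placeholders, and HTML-encoded on output. The `words` table, its column names, the length and size limits, and the helper names are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not vendor code. The `words` table, its columns and the
// length/size limits are assumptions; field names come from the advisory.
function validate_submission(array $post): array
{
    $text = function (string $key, int $max) use ($post): string {
        $v = $post[$key] ?? '';
        if (!is_string($v) || ($v = trim($v)) === '' || strlen($v) > $max) {
            throw new InvalidArgumentException("invalid $key");
        }
        return $v;
    };
    $mail  = filter_var($post['client_mail'] ?? '', FILTER_VALIDATE_EMAIL);
    $url   = filter_var($post['url'] ?? '', FILTER_VALIDATE_URL);
    $size  = filter_var($post['size'] ?? '', FILTER_VALIDATE_INT,
                 ['options' => ['min_range' => 8, 'max_range' => 72]]);
    $color = $post['color'] ?? '';
    // FILTER_VALIDATE_URL accepts any scheme, so pin it to http(s).
    if ($mail === false || $size === false || $url === false
        || !preg_match('#^https?://#i', $url)
        || !is_string($color) || !preg_match('/^#[0-9a-fA-F]{6}$/', $color)) {
        throw new InvalidArgumentException('invalid client_mail, url, size or color');
    }
    return ['name' => $text('name', 100), 'client_mail' => $mail, 'url' => $url,
            'word' => $text('word', 100), 'size' => $size,
            'is_bold' => empty($post['is_bold']) ? 0 : 1,
            'color' => $color, 'title' => $text('title', 200)];
}

function store_submission(PDO $db, array $v): void
{
    // Placeholders keep every value out of the SQL text.
    $db->prepare('INSERT INTO words (name, client_mail, url, word, size, is_bold, color, title)
                  VALUES (:name, :client_mail, :url, :word, :size, :is_bold, :color, :title)')
       ->execute($v);
}

// Encode on output, not on input, so stored data stays unmodified.
function h(string $s): string { return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }

// Constructed sample input: a quote and markup are stored as data, then encoded.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE words (name, client_mail, url, word, size, is_bold, color, title)');
store_submission($db, validate_submission(['name' => "Te'bi", 'client_mail' => 'demo@demo.com',
    'url' => 'http://www.google.com', 'word' => 'tebi', 'size' => '15', 'is_bold' => '1',
    'color' => '#0000FF', 'title' => '<b>aaaaaa</b>']));
echo h($db->query('SELECT title FROM words')->fetchColumn()), "\n";
```

The demo uses an in-memory SQLite database so it runs offline; against MySQL, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so statements are prepared server-side.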
