###################################
# Website: www.iplt20.com
# (includes spoils from pulselive.com)
# Bug: XSS, and SQLi
# IPL T20 - Indian (or is it English) Premier League
# Date: 29.04.09
###################################
Vuln URL: hxxp://www.iplt20.com
Click here for SQLi demo
There were also 26 injectable spots other than this, and there's XSS in the URI, path, and forms. Can't post too many screenshots... you see ;)
What's more, you can insert, update, and delete tables in their DB :))
Happy hunting, Cheers!
Wednesday, April 29, 2009
Saturday, April 25, 2009
XSS in Imageshack
################################
# Website: http://www.imageshack.us
# Bug: XSS
# Date: 25.04.09
##############################
Vuln URL: hxxp://www.imageshack.us
Click here for XSS demo
Fix your input validation.
Cheers,
Kish