Thread: [Help] XSS + Sql injection?

  1. #1

    [Help] XSS + Sql injection?

    I have a question I would love to ask. I used my Nessus scanner inside Kali Linux to scan, and I got this as a Medium severity vulnerability, with this response:

    The remote web server hosts CGI scripts that fail to adequately sanitize request strings with malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML to be executed in a user's browser within the security context of the affected site.

    The remote web server may be vulnerable to IFRAME injections or cross-site scripting attacks :

    - IFRAME injections allow 'virtual defacement' that might scare or anger gullible users. Such injections are sometimes implemented for 'phishing' attacks.

    - XSS are extensively tested by four other scripts.

    XSS, that's okay, but when I watched Amol Naik's video on YouTube, I saw something about SQL takeover with XSS. Now I am asking: can something of this severity be exploited with SQL injection?

  2. #2
    amolnaik4, Web Security Consultant
    Hey,
    My video takes advantage of a known vulnerability in an internal application. If you have the same knowledge, you can surely use that method. If not, you can still exploit XSS to hijack the victim's browser using BeEF.
    Hope this helps.

    AMol NAik
