WmsCMS – Cross-Site Scripting / SQL Injection

• Exploit Database
• 120 阅读

• 作者： Ariko-Security
  日期： 2010-06-06
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/13739/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82

  # Title: XSS, SQL injection vulnerability in WmsCMS # EDB-ID: # CVE: () # OSVDB-ID: () # Author: Ariko-Security # Published: 2010-06-05     ============ { Ariko-Security - Advisory #1/6/2010 } =============   XSS, SQL injection vulnerability in WMSCMS   2007 Secunia Advisory SA25583 (only XSS 3 params)     Vendor's Description of Software: # http://www.wmsdesign.net Demo # http://wmscms.com   Dork: # n/a   Application Info: # Name: WMSCMS # ALL versions   Vulnerability Info: # Type: XSS # Type: SQL injection Vulnerability   Fix: # N/A   Time Table: # 10/05/2010 - Vendor notified.   Input passed via the "search","sbr","pid","sbl","FilePath" parameters to default.asp is not properly   sanitised before being used in a SQL query.   Input passed via the "sbr","pr","psPrice" parameters to printpage.asp is not properly   sanitised before being used in a SQL query.   Input passed to the "search","sbr","p","sbl" parameters in default.asp is not properly   sanitised before being returned to the user.   Solution: # Input validation of all mentioned parameters should be corrected.   Vulnerability: SQLi & BSQLi # http://[site]/default.asp (Parameter search) # http://[site]/default.asp (Parameter sbr) # http://[site]/default.asp (Parameter pid) # http://[site]/default.asp (Parameter sbl) # http://[site]/default.asp (Parameter FilePath) # http://[site]/printpage.asp (Parameter sbr) # http://[site]/printpage.asp (Parameter pr) # http://[site]/printpage.asp (Parameter psPrice)   xss # http://[site]/default.asp (Parameter = search) # http://[site]/default.asp (Parameter = sbr) # http://[site]/default.asp (Parameter = p) # http://[site]/default.asp (Parameter = sbl)   Credit: # Discoverd By: MG / Ariko-Security 2010 # http://secunia.com/advisories/25583/ (XSS 3 params)   Advisory: # http://www.ariko-security.com/june2010/audyt_bezpieczenstwa_692.html     Ariko-Security support@ariko-security.com tel.: +48512946012 (Mo-Fr 10.00-20.00 CET)