Earthlogic CMS Cross Site Scripting / SQL Injection

2013-09-14T00:00:00
ID PACKETSTORM:123236
Type packetstorm
Reporter IeDb
Modified 2013-09-14T00:00:00

Description

                                        
                                            `###################  
  
# Iranian Exploit DataBase Forum  
  
# http://iedb.ir/acc  
  
# http://iedb.ir  
  
###################  
  
# Exploit Title : Earthlogic Cms Multiple Vulnerability  
  
# Author : Iranian Exploit DataBase  
  
# Discovered By : IeDb  
  
# Email : IeDb.Team@Gmail.com  
  
# Home : http://iedb.ir - http://iedb.ir/acc  
  
# Software Link : http://www.earthlogic.com/  
  
# Security Risk : High  
  
# Tested on : Linux  
  
# Dork : intext:Site developed by Earthlogic  
  
###################  
  
# Exploit :  
  
# http://site.com/news.php?id=[Xss][sql]  
  
# Dem0 :  
  
# http://www.greenmountainclub.org/news.php?id=1[Xss][sql]  
  
# http://thegmc.org/news.php?id=99[Xss][sql]  
  
# http://thegreenmountainclub.net/news.php?id=327[Xss][sql]  
  
# http://thelongtrail.net/news.php?id=327[Xss][sql]  
  
###################  
  
# Tnx To : TaK.FaNaR - l4tr0d3ctism - r3d_s0urc3 - Bl4ck M4n - FIą??iD - Medrik - Dj.TiniVini - dr.koderz - z3r0 - Mr Zer0  
  
# B3hz4d - C0dex - Behnam Vanda - ErfanMs - E2MA3N - S!Y0U.T4r.6T - ????4???? ?Ś3???? - 0x0ptim0us - ARTA  
  
# & All Member In Iedb.ir/acc & Iranian Hackers  
  
###################  
  
# Exploit Archive = http://www.iedb.ir/exploits-551.html  
  
###################  
`