DIY Web CMS Multiple Vulnerabilities

2011-02-23T00:00:00
ID 1337DAY-ID-15438
Type zdt
Reporter p0pc0rn
Modified 2011-02-23T00:00:00

Description

Exploit for asp platform in category web applications

                                        
                                            SQL and XSS in DIY Web CMS
found by : p0pc0rn 22/2/2011
web : http://www.mydiyweb.com.my
dork : intext:"powered by DiyWeb"
 
SQL - Microsoft JET Database Engine error
-----------------------------------------
 
http://site.com/template.asp?menuid=[SQL]
http://site.com/viewcatalog.asp?id=[SQL]
http://site.com/xxx.asp?id=[SQL]
 
XSS
---
http://site.com/diyweb/login.asp?msg=[XSS] -- login page



#  0day.today [2018-03-20]  #