DIGIT CMS 1.0.7 Cross Site Scripting / SQL Injection

2012.01.08
Credit: BHG Security Center
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
CWE-79
Dork: intext:\"Site by DIGIT\"

# Exploit Title: DIGIT Cms SQL Injection / XSS Multiple Vulnerability # Date: 2012-01-05 [GMT +7] # Author: BHG Security Center # Software Link: http://www.dig-it.co.il/ # Vendor Response(s): They didn't respond to the emails. # Dork: intext:"Site by DIGIT" # Version : [1.0.7] # Tested on: ubuntu 11.04 # CVE : - # Finder(s): - Net.Edit0r (Net.edit0r [at] att [dot] net) - G3n3Rall (Ant1_s3cur1ty [at] yahoo [dot] com) ----------------------------------------------------------------------------------------- DIGIT Israel Cms SQL Injection / XSS Multiple Vulnerability ----------------------------------------------------------------------------------------- Author : BHG Security Center Date : 2012-01-05 Location : Iran Web : http://Black-Hg.Org Critical Lvl : Medium Where : From Remote My Group : Black Hat Group #BHG --------------------------------------------------------------------------- PoC/Exploit: ~~~~~~~~~~ ~ [PoC] ~: /website_path/Default.asp?sType=0&PageId=[Sqli] ~ [PoC]Http://[victim]/path/Default.asp?sType=0&PageId=[Sqli] Enter In Search Box XSS Code ~ <FORM action="Default.asp?PageId=-1" method=POST id=searchFORM name=searchFORM style="margin:0;padding:0"> <INPUT type="hidden" value="" name="txtSEARCH"> </FORM> ~ [PoC] ~: Http://[victim]/path/Default.asp Note: There are vulnerabilities in the search field that you can use Timeline: ~~~~~~~~~ - 02 - 01 - 2012 bug found. - 03 - 01 - 2012 vendor contacted, but no response. - 05 - 01 - 2012 Advisories release. Important Notes: ~~~~~~~~~ - Vendor did not respond to the email as well as the phone. As there is not any contact form or email address in - the website, we have used all the emails which had been found by searching in Google such as support, info, and so on. --------------------------------------------------------------------------- Greetz To:A.Cr0x | 3H34N | tHe.k!ll3r | Mr.XHat |NoL1m1t |Bl4ck.Viper Spical Th4nks: B3hz4d | ArYaIeIrAN| _SENATOR_ |Cyber C0der And All My Friendz [!] Persian Gulf 4 Ever [!] I Love Iran And All Iranian People Greetz To : 1337day.com ~ exploit-db.com [h4ckcity tM] And All Iranian HackerZ -------------------------------- [ EOF ] ----------------------------------

References:

http://www.dig-it.co.il/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top