DIY Web CMS – Multiple Vulnerabilities

  • Author: p0pc0rn
    Date: 2011-02-22
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/16205/
  • SQL and XSS in DIY Web CMS
    found by : p0pc0rn 22/2/2011
    web : http://www.mydiyweb.com.my
    dork : intext:"powered by DiyWeb"
    
    SQL - Microsoft JET Database Engine error
    -----------------------------------------
    
    http://site.com/template.asp?menuid=[SQL]
    http://site.com/viewcatalog.asp?id=[SQL]
    http://site.com/xxx.asp?id=[SQL]
    
    XSS
    ---
    http://site.com/diyweb/login.asp?msg=[XSS] -- login page