CMS HINTWEB suffers from cross site scripting and remote blind SQL injection vulnerabilities. Note that this finding houses site-specific data.
0b39f5e0aed97424fec875621406f87187076bc69ba0234a168c7789aded22f4[+] Cross Site Scripting on CMS HINTWEB
[+] Date: 04/05/2014
[+] Risk: LOW
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: http://www.hintweb.com.br/
[+] Contact: felipe_andrian@hotmail.com
[+] Tested on: Windows 7 and Linux
[+] Vulnerable File: index.php
[+] Exploit : http://host//index.php?txtMSG=[XSS]
[+] PoC : http://www.z3som.com.br/site/index.php?txtMSG=Felipe Andrian Peixoto
http://www.casadoscelulares.com/index.php?txtMSG=Felipe Andrian Peixoto
http://lojaspopular.com.br/index.php?txtMSG=Felipe Andrian Peixoto
[+] Admin Page: http://host/adm/
[+] Blind Sql Injection on CMS HINTWEB
[+] Date: 04/05/2014
[+] Risk: High
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: http://www.hintweb.com.br/
[+] Contact: felipe_andrian@hotmail.com
[+] Tested on: Windows 7 and Linux
[+] Vulnerable File: index.php
[+] Exploit : http://host/index.php?ID=produto&prod_id=[ Blind SQL Injection]
[+] PoC: http://www.z3som.com.br/site/index.php?ID=produto&prod_id=[SQL Injection]
http://www.lojaspopular.com.br/index.php?ID=produto&prod_id=[SQL Injection]
http://casadoscelulares.com/index.php?ID=produto&prod_id=[SQL Injection]
[+] Admin Page: http://host/adm/
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed