DIY Web CMS suffers from remote SQL injection and cross site scripting vulnerabilities.
478e48a1a352e755b3f38b91bd9d4fa9f280e4c056a3489216a48358b1e03edf
SQL and XSS in DIY Web CMS
found by : p0pc0rn 22/2/2011
web : http://www.mydiyweb.com.my
dork : intext:"powered by DiyWeb"
SQL - Microsoft JET Database Engine error
-----------------------------------------
http://site.com/template.asp?menuid=[SQL]
http://site.com/viewcatalog.asp?id=[SQL]
http://site.com/xxx.asp?id=[SQL]
XSS
---
http://site.com/diyweb/login.asp?msg=[XSS] -- login page