Waylu CMS - '/products_xx.php' SQL Injection / HTML Injection

EDB-ID:

37100

CVE:

N/A




Platform:

PHP

Date:

2012-04-20


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

source: https://www.securityfocus.com/bid/53202/info

Waylu CMS is prone to an SQL-injection vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting these issues may allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible. 

HTML Injection

http://www.example.com/WebApps/products_xx.php?id=[XSS]

SQL Injection

http://www.example.com/WebApps/products_xx.php?id=[SQL Injection]