Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: CMS / Portals :: bx3971.htm

IGES CMS <=2.0 Multiple Vulnerabilities



IGES CMS <=2.0 Multiple Vulnerabilities
IGES CMS <=2.0 Multiple Vulnerabilities



########################## www.BugReport.ir 
#######################################
#
#=09=09AmnPardaz Security Research Team
#
# Title: IGES CMS <=2.0 Multiple Vulnerabilities
# Vendor: www.iges.nl 
# Exploit: Available
# Vulnerable Version: 2.0
# Impact: High
# Fix: N/A
###################################################################################

####################
1. Description:
####################

=09IGES CMS is a complete, fully featured CMS in PHP language with SQL  
and became a powerful CMS having plenty of strong modules.
=09This CMS is not open-source and is accessible for private use by the  
author company for designing their customer's websites.

####################
2. Vulnerabilities:
####################

=092.1. Injection Flaws. SQL Injection in "/news.php" or  
"/news_body.php" in "news_id" parameter.
=09=092.1.1. Exploit:
=09=09=09=09=09=09Check the exploit/POC section.
=092.2. Cross Site Scripting (XSS). Reflected XSS attack in "/links.php"  
in "cat" parameter.
=09=092.2.1. Exploit:
=09=09=09=09=09=09Check the exploit/POC section.

####################
3. Exploits/POCs:
####################

=09Original Exploit URL: http://www.bugreport.ir/50/exploit.htm 

####################
4. Solution:
####################

=09Edit the source code to ensure that inputs are properly sanitized.

####################
5. Credit:
####################

AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
WwW.BugReport.ir 
WwW.AmnPardaz.com 



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH