DIY Web CMS - Multiple Vulnerabilities

Author: p0pc0rn
type: webapps
platform: asp
date_added: 2011-02-22  
date_updated: 2011-02-22  
verified: 1  
codes: OSVDB-71037;OSVDB-71036;OSVDB-71035;OSVDB-71034  

raw file: 16205.txt  
SQL injection and XSS in DIY Web CMS
found by : p0pc0rn 22/2/2011
web : http://www.mydiyweb.com.my
dork : intext:"powered by DiyWeb"

SQL injection - Microsoft JET Database Engine error
---------------------------------------------------

http://site.com/template.asp?menuid=[SQL]
http://site.com/viewcatalog.asp?id=[SQL]
http://site.com/xxx.asp?id=[SQL]

XSS
---
http://site.com/diyweb/login.asp?msg=[XSS] -- login page