YEKTAWEB CMS XSS Vulnerability

2010-12-29 Thread faghani
- Input validation of Parameter "a_code" should be corrected. Credit: - Isfahan University of Technology - Computer Emergency Response Team Thanks to : N. Fathi, M. R. Faghani

Zigurrat CMS SQL Injection Vulnerability

2010-03-15 Thread faghani
tion: -- Input validation of Parameter "id" should be corrected. Credit: -- Isfahan University of Technology - Computer Emergency Response Team Thanks to : M. Fereidounian, M. R. Faghani, N. Fathi, E. Jafari

Pars CMS SQL Injection Vulnerability

2010-03-15 Thread faghani
FROM validTableName)%00 http://www.example.com/fa_default.asp?RP=' UNION SELECT TOP 3 AttrName FROM validTableName%00 Solution: -- Input validation of Parameter "RP" should be corrected. Credit: -- Isfahan University of Technology -

Sheedravi CMS SQL Injection Vulnerability

2009-12-28 Thread faghani
= IUT-CERT = Title: Sheedravi CMS SQL Injection Vulnerability Vendor: www.sheedravi.com Dork: Design by Sheed Graphic Co Type: Input.Validation.Vulnerability (SQL Injection) Fix: N/A == nsec.ir = Description: -

Eshopbuilde CMS SQL Injection Vulnerability

2009-11-30 Thread faghani
.asp" in "sitebid","secText","newsId" and "client-ip" parameters. http://www.example.com/src=www.example.com/home-f.asp?sitebid=@@version http://www.example.com/src=www.example.com/home-f.asp?sitebid=JyI%3D http://www.example.com/src=www.example.com/home-f.asp?sitebid=%00 Other parameters ("secText","newsId" and "client-ip") are similar to the "sitebid" parameter. Solution: -- Input validation of Parameter "sitebid","id","secText","client-ip","G_id","ma_id","mi_id","Grp_Code","_method","adv_code" should be corrected. Credit: -- Isfahan University of Technology - Computer Emergency Response Team Thanks to : M. Fereidounian, M. R. Faghani, N. Fathi, E. Jafari

Elkapax CMS Cross site scripting vulnerability

2009-08-13 Thread faghani
Solution: -- Input validation of Parameter "q" should be corrected. Credit: -- Isfahan University of Technology - Computer Emergency Response Team Thanks to : N. Fathi, E. Jafari, M. R. Faghani

Chavoosh CMS SQL Injection Vulnerability

2009-08-12 Thread faghani
name&Landir=rtl&Lan=Fa Solution: -- Input validation of Parameter "Cat_id" should be corrected. Credit: -- Isfahan University of Technology - Computer Emergency Response Team Thanks to : E. Jafari, N. Fathi, M. R. Faghani

Aryanic HighCMS and HighPortal multiple Vulnerabilities

2009-03-10 Thread mr . faghani
";alert(12345) Solution: -- Input validation of Parameter "q" should be corrected. Credit: -- Isfahan University of Technology - Computer Emergency Response Team Thanks to : E. Jafari, N. Fathi, M. R. Faghani

YEKTA WEB Academic Web Tools CMS Multiple XSS

2009-03-02 Thread mr . faghani
oursite/page_arch.php?slc_lang=fa&sid=1&logincase=*/-->alert(188017) http://yoursite/page.php?sid=1&slc_lang=en&redirect=*/-->alert(188017) Solution: ------ Input Validation Filter should be patched. Credit: -- Isfahan University of Technology - Computer Emergency Response Team Thanks to : M. R. Faghani, N. Fathi, E. Aerabi, E. Jafari

BotNet on the Rise

2008-10-27 Thread faghani
IUT-CERT has received some reports of suspicious link requests in the HTTP 404 web server log file. All GET parameter values were requested with the value of http://babyc***b.fortunecity.co.uk/index.htm. Visiting the suspicious site, we found a PHP malcode that was encrypted by the malicious attack