Ashiyane Find Multiple Bugs In Webworx Design
Researchers of the Ashiyane Digital Security Team have discover three seperate vulnerabilities in Webworx Design Group product -http://www.easynetsites.com/-:
Dork : intext:”Design by Webworx Design Group • Powered by EasyNetSites.com Webware” cpage.php?pt=
XSS vulnerability
Link: https://cxsecurity.com/issue/WLB-2016120119
Cross-site scripting -XSS- is type of computer security vulnerability found in web applications XSS enable attacker to inject client-side scripts into web page viewed by users A cross-site scripting vulnerability is used by attacker to bypass access controls
Blind SQL Injection vulnerability
Link: https://cxsecurity.com/issue/WLB-2016120120
Blind SQL -Structured Query Language- injection is type of SQL Injection attack queries databases is true or false questions and returns answer based on response of applications This attack is used when the web applications has configured to show generic error messages but has not mitigated vulnerable code
SQL Injection
Link: https://cxsecurity.com/issue/WLB-2016120121
SQL injection attack consists of insertion/ injection of SQL queries via input data from client to applications Successful SQL injection exploits is read data from databases, modify databases data -Insert/Update/Delete commands-, execute admins operations on databases, recovers contents of files on DBMS systems/issues command to operating system