Ashiyane Find Multiple Bugs In Webworx Design

Researchers of the Ashiyane Digital Security Team have discover three seperate vulnerabilities in Webworx Design Group product -http://www.easynetsites.com/-:

Dork : intext:”Design by Webworx Design Group • Powered by EasyNetSites.com Webware” cpage.php?pt=

XSS vulnerability

Link: https://cxsecurity.com/issue/WLB-2016120119

Cross-site scripting -XSS- is type of computer security vulnerability found in web applications XSS enable attacker to inject client-side scripts into web page viewed by users A cross-site scripting vulnerability is used by attacker to bypass access controls

Blind SQL Injection vulnerability

Link: https://cxsecurity.com/issue/WLB-2016120120

Blind SQL -Structured Query Language- injection is type of SQL Injection attack queries databases is true or false questions and returns answer based on response of applications This attack is used when the web applications has configured to show generic error messages but has not mitigated vulnerable code

SQL Injection

Link: https://cxsecurity.com/issue/WLB-2016120121

SQL injection attack consists of insertion/ injection of  SQL queries via input data from client to applications Successful SQL injection exploits is read data from databases, modify databases data -Insert/Update/Delete commands-, execute admins operations on databases, recovers contents of files on DBMS systems/issues command to operating system

Leave a Reply

Your email address will not be published. Required fields are marked *