Full title: Internet Para La Rendicion de Cuentas (IPRC) -  SQL InjecTion / Cross-Site Scripting 
Category: web applications
Platform: php
+-------------------------------------------------+
 l # Author: Diego Asencio                                    l
 l # Twitter: @Diego_Asencio                               l
 l # E-mail: diego.asencio@unillanos.edu.co    l
 l # WorkGroup: [!]nside [0]utside - T34M        l
 l # Twt_WG: @insid30utsid3                                l
+-------------------------------------------------+

#############
#  INFORMACION  #
#############
#                                  #######################################
# Exploit Title: IPRC  -  SQL InjecTion / Cross-Site Scripting                                        
# Vendor Name: Internet Para La Rendicion de Cuentas                                              
# Url Vendor:  http://www.iprc.org.co                                                                              
# Category: WebApps                                                                                                             
# Risk: Critical                                                                                                                           
# GoogleDork: "index.shtml?apc=I-xx-1-&x="  [or] "sitio.shtml?apc=B1--&s=B&nocache=1&als%5Bvbuscar%5D= "                                                                                   
# 0day exploits : 1337day.com Inj3ct0r Exploit DataBase                                          
###################################################

# 0day.today @ http://0day.today/