Seditio CMS SQL Injection
Posted on 14 May 2015
Source : packetstormsecurity.org
[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]
Exploit Title : Seditio CMS SQL Injection Vulnerability
Exploit Author : Ashiyane Digital Security Team
Vendor Homepage: www.seditiocms.com
Google Dork : intext:Powered by Seditio CMS
Date : 2015-05-13
Tested On : linux Kali + Windows Se7en
Link Software : http://www.seditiocms.com/datas/users/1/1-10d40e-sed-en.rar
[-][-][-][-][-][-][-][-][-][-] DESCRIPTION [-][-][-][-][-][-][-][-][-][-]
SQL injection vulnerabilities have been found and confirmed within
Seditio CMS as an anonymous user.
The following URLs and parameters have been confirmed to suffer from
SQL injection.
Because the link redirects, the injection cannot be performed manually,
and all the data is converted to Base64.
[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]
~ ~ ~> Location Online Site Dem0 <~ ~ ~
http://www.Target.com/page.php?id=[SQL]
[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]
Vulnerability File : page.php
Vulnerability CODE :
$sql = sed_sql_query("UPDATE $db_pages SET
page_count='".$pag['page_count']."' WHERE
page_id='".$pag['page_id']."'");
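A hardened form of the counter update quoted above, as an added example that is not part of the original advisory or of Seditio's own code. It assumes PDO is available, uses an in-memory SQLite table named sed_pages as a stand-in for $db_pages, and bump_page_count() is a hypothetical helper name.

```php
<?php
// Added example, not Seditio code. Assumptions: PDO with the SQLite driver,
// an in-memory table named sed_pages standing in for $db_pages, and a
// hypothetical helper bump_page_count().

function bump_page_count(PDO $db, $rawId): bool
{
    // Accept only a canonical positive integer; anything else stops here
    // and never reaches the query.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    // The placeholder keeps the value out of the SQL text, and the increment
    // is done by the database instead of writing back a PHP-side counter.
    $stmt = $db->prepare(
        'UPDATE sed_pages SET page_count = page_count + 1 WHERE page_id = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sed_pages (page_id INTEGER PRIMARY KEY, page_count INTEGER NOT NULL)');
$db->exec('INSERT INTO sed_pages VALUES (1, 10), (2, 20)');

// Constructed sample inputs: a valid id, three values that are not
// positive integers, and a well-formed id that matches no row.
$inputs = ['1', "1' OR '1'='1", '2; --', '-5', '999'];
foreach ($inputs as $in) {
    $result = bump_page_count($db, $in) ? 'updated' : 'not updated';
    printf("%-20s => %s\n", var_export($in, true), $result);
}

// Show the resulting counters for every row.
foreach ($db->query('SELECT page_id, page_count FROM sed_pages') as $row) {
    echo "page {$row['page_id']}: count {$row['page_count']}\n";
}
```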
[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]
::: >> ASHIYANE THE FIRST SECURITY FORUM IN IRAN << :::
Discovered by : SeRaVo.BlackHat >> H.4.S.S.4.N <<
Special Tnx : H_SQLI.EMpiRe - Ac!D - Und3rgr0und - EviL ShaDoW
[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]