Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormBaltazarPACKETSTORM:106858
HistoryNov 11, 2011 - 12:00 a.m.

Plum CMS Blind SQL Injection

2011-11-1100:00:00
baltazar
packetstormsecurity.com
18
JSON
`# Coder : baltazar a.k.a b4ltazar < [email protected]>  
#  
# CMS name : Plum CMS  
# Site : http://www.plum-design.net && http://www.plum.rs  
#  
# Dork : Powered by PlumDesign  
# : Powered by PlumDesign site:.rs   
# : Powered by PlumDesign site:.com  
#  
# Admin panel : N/A  
#  
# Vulnerability : Sites design with Plum CMS suffers from blind SQL injection  
#  
# Vuln parameters : publikacije.php?publCatID=[blind]  
# : katalog.php?catID=[blind]  
# : strana.php?pID=[blind]  
# : reference.php?cID=[blind]  
# : katalog.php?prodID=[blind]  
# : galerija.php?albumID=[blind]  
# : index.php?publ_aricleID=[blind]  
#   
# Table : cms_user  
# Columns : username, password  
#   
# Default admin logins :  
# User : mika : 51fabd9de617b73d0c105c7511bdc03f and cfee398643cbc3dc5eefc89334cacdc1   
# : guja : 70f94bafc8dadfb9e4898dd93aab6ef6   
#   
#   
# Special greetz to my friend sinner_01  
# greetz for d3hydr8, qk, marezzi, fx0, TraXdata, v0da, MikiSoft, Soul and all members of ex darkc0de.com, ljuska.org and x0rg.org  
`
JSON