CMS ContWEB SQL Injection

2014-07-02T00:00:00
ID PACKETSTORM:127331
Type packetstorm
Reporter Felipe Andrian Peixoto
Modified 2014-07-02T00:00:00

Description

`[+] SQL Injection on CMS ContWEB - ATI  
  
[+] Date: 02/07/2014  
  
[+] CWE Number : CWE-89  
  
[+] Risk: High  
  
[+] Author: Felipe Andrian Peixoto  
  
[+] Vendor Homepage: http://www.ati.pi.gov.br/  
  
[+] Contact: felipe_andrian@hotmail.com  
  
[+] Tested on: Windows 7 and Linux  
  
[+] Vulnerable File: album.php  
  
[+] Dork : inurl:album.php?id= + pi.gov.br  
  
[+] Exploit : http://host/album.php?id=[SQL Injection]  
  
[+] PoC: http://www.setre2.pi.gov.br/album.php?id=69  
http://www.cec.pi.gov.br/album.php?id=45  
http://www.eletrobraspiaui.com/album.php?id=35  
  
[+] Admin Page: http://host/adm/  
`