AVE.CMS <= 2.09 (index.php, module param) - Blind SQL Injection Exploit

No description provided by source. !/usr/bin/env python import urllib, sys, time Exploit Title: AVE.CMS = 2.09 - Remote Blind SQL Injection Exploit Date: 23/05/2013 Author: mr.pr0n @pr0n Homepage: http://ghostinthelab.wordpress.com/ Vendor Homepage: http://www.overdoze.ru/ Software Link:...

AVE.CMS 2.09 - index.php?module Blind SQL Injection

AVE.CMS 2.09 - index.php?module Blind SQL Injection !/usr/bin/env python import urllib, sys, time Exploit Title: AVE.CMS " if url:7 != "http://": url = "http://" + url + "/index.php?module=" else: url = url + "/index.php?module=" database = options = 'Version':'VERSION', 'User':'CURRENTUSER',...

AVE.CMS 2.09 Blind SQL Injection Vulnerability

AVE.CMS versions less than 2.09 suffer from a remote blind SQL injection vulnerability in the "module" parameter. This is a proof of concept exploit. This issue is addressed in later versions. !/usr/bin/env python import urllib, sys, time Exploit Title: AVE.CMS " if url:7 != "http://": url =...

AVE.CMS 2.09 Blind SQL Injection

!/usr/bin/env python import urllib, sys, time Exploit Title: AVE.CMS " if url:7 != "http://": url = "http://" + url + "/index.php?module=" else: url = url + "/index.php?module=" database = options = 'Version':'VERSION', 'User':'CURRENTUSER', 'Database':'DATABASE' sys.stdout.write"+ Checking...