Laubrotel G.CMS generator SQL Injection Vulnerability

Vulnerability ID: 1119531    Vulnerability type: SQL injection
Published: 2010-06-21    Updated: 2010-06-28
CVE ID: CVE-2010-2438    CNNVD-ID: CNNVD-201006-400
Platform: PHP    CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/13954
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201006-400
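|Vulnerability details
G.CMS generator has an SQL injection vulnerability. Remote attackers can execute arbitrary SQL commands via the lang parameter to the default URI (possibly the index.php URI).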
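
For defenders reviewing web server logs of an affected site, the following added example (not part of the original entry or of G.CMS generator) flags requests whose `lang` query parameter is not a plain language code. The allowed pattern, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the site only uses short language codes such as "en" or "fr-FR".
LANG_OK = re.compile(r"[A-Za-z]{2,3}(?:[-_][A-Za-z]{2})?")

# Request field of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_lang_values(line):
    """Return decoded lang values in one log line that are not language codes."""
    m = REQUEST.search(line)
    if not m:
        return []
    query = urlsplit(m.group(1)).query
    # parse_qs percent-decodes values and turns '+' into a space, so encoded
    # quotes and operators are compared in their decoded form.
    values = parse_qs(query, keep_blank_values=True).get("lang", [])
    return [v for v in values if not LANG_OK.fullmatch(v)]


def scan(lines):
    """Return (client_ip, bad_value) for every flagged request."""
    hits = []
    for line in lines:
        for value in suspicious_lang_values(line):
            hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Jun/2010:10:00:01 +0000] "GET /?lang=fr HTTP/1.1" 200 5120',
    '192.0.2.10 - - [21/Jun/2010:10:00:05 +0000] "GET /index.php?lang=en-GB&page=2 HTTP/1.1" 200 4870',
    '198.51.100.7 - - [21/Jun/2010:10:02:13 +0000] "GET /?lang=en%27 HTTP/1.1" 500 312',
    '198.51.100.7 - - [21/Jun/2010:10:02:19 +0000] "GET /?lang=fr+or+1%3D1 HTTP/1.1" 200 5120',
    '203.0.113.4 - - [21/Jun/2010:10:03:00 +0000] "GET /contact.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}\tlang={value!r}")
```

The same allow-list check, applied in the application before the value reaches any SQL statement, is the corresponding input-validation control; parameters sent only in a POST body do not appear in access logs and are not covered by this scan.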
|Exploit (EXP)
1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name : Gcms generator SQLi Vulnerability
Date : june, 21 2010
Critical Level 	: HIGH
Vendor Url : http://www.laubrotel.com/gcms/demo/
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz 
#######################################################################################################
Description:
Gcms generator is a mini-site version CMS (content management).

With this tool, you can create an unlimited number of mini-sites independent of each other; each mini-site has its own administration interface. For each site created, a directory "site" is created, which allows you to point a domain name directly at the site.
#######################################################################################################
Xploit: SQLi Vulnerability 

DEMO URL 
   http://server/?lang=[inject code]
###############################################################################################################
# 0day no more 
# Sid3^effects
|References

Source: XF
Name: gcmsgenerator-unspecified-sql-injection(59621)
Link: http://xforce.iss.net/xforce/xfdb/59621
Source: EXPLOIT-DB
Name: 13954
Link: http://www.exploit-db.com/exploits/13954